exploitDog

CVE-2022-2449

Опубликовано: 14 нояб. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.

Ссылки

https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:resmush.it:resmush.it_image_optimizer:*:*:*:*:*:wordpress:*:*

Версия до 0.4.7 (исключая)

EPSS

Процентиль: 35%

0.00144

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-h6px-5m2g-9p4v

CVSS3: 6.5

github

около 3 лет назад

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.

EPSS

Процентиль: 35%

0.00144

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

CWE-352