exploitDog

CVE-2022-2450

Опубликовано: 14 нояб. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

Ссылки

https://wpscan.com/vulnerability/1b3ff124-f973-4584-a7d7-26cc404bfe2b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/1b3ff124-f973-4584-a7d7-26cc404bfe2b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:resmush.it:resmush.it_image_optimizer:*:*:*:*:*:wordpress:*:*

Версия до 0.4.4 (исключая)

EPSS

Процентиль: 36%

0.00153

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-93hf-hv49-rhh9

CVSS3: 4.3

github

около 3 лет назад

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

EPSS

Процентиль: 36%

0.00153

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862