CVE-2022-2449

MEDIUM

resmush.it Image Optimizer < 0.4.7 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0033
EPSS Percentile 24.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
resmush.it/resmush.it_image_optimizer < 0.4.7
Published Nov 14, 2022
Tracked Since Feb 18, 2026