All the vulnerabilites related to Unknown - reSmush.it : the only free Image Optimizer & compress plugin
cve-2022-2448
Vulnerability from cvelistv5
Published
2022-10-10 00:00
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a4599942-2878-4da4-b55d-077775323b61"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "reSmush.it : the only free Image Optimizer \u0026 compress plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.4.6",
"status": "affected",
"version": "0.4.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/a4599942-2878-4da4-b55d-077775323b61"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "reSmush.it Image Optimizer \u003c 0.4.6 - Admin+ Cross-Site Scripting",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2448",
"datePublished": "2022-10-10T00:00:00",
"dateReserved": "2022-07-17T00:00:00",
"dateUpdated": "2024-08-03T00:39:07.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2449
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2025-04-30 19:40
Severity ?
EPSS score ?
Summary
reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2449",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T19:40:01.093887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T19:40:46.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "reSmush.it : the only free Image Optimizer \u0026 compress plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.4.4",
"status": "affected",
"version": "0.4.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The reSmush.it : the only free Image Optimizer \u0026 compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "reSmush.it Image Optimizer \u003c 0.4.7 - Multiple CSRF",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2449",
"datePublished": "2022-11-14T00:00:00.000Z",
"dateReserved": "2022-07-17T00:00:00.000Z",
"dateUpdated": "2025-04-30T19:40:46.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2450
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2025-04-30 19:39
Severity ?
EPSS score ?
Summary
reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1b3ff124-f973-4584-a7d7-26cc404bfe2b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2450",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T19:39:05.535266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T19:39:40.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "reSmush.it : the only free Image Optimizer \u0026 compress plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.4.4",
"status": "affected",
"version": "0.4.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The reSmush.it : the only free Image Optimizer \u0026 compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/1b3ff124-f973-4584-a7d7-26cc404bfe2b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "reSmush.it Image Optimizer \u003c 0.4.4 - Subscriber+ AJAX Calls",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2450",
"datePublished": "2022-11-14T00:00:00.000Z",
"dateReserved": "2022-07-17T00:00:00.000Z",
"dateUpdated": "2025-04-30T19:39:40.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}