Vulnerabilities > CVE-2022-2450 - Missing Authorization vulnerability in Resmush.It Image Optimizer

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
resmush-it
CWE-862

Summary

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

Vulnerable Configurations

Part Description Count
Application
Resmush.It
47

Common Weakness Enumeration (CWE)