Security Advisory

CVE-2022-2449

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-14 00:00:00

Last updated 2025-04-30 19:40:46

Assigner WPScan

State PUBLISHED

Description

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.

← Browse all CVEs View on cve.org ↗