{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2449", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "dateUpdated": "2024-08-03T00:39:07.578Z", "dateReserved": "2022-07-17T00:00:00", "datePublished": "2022-11-14T00:00:00"}, "containers": {"cna": {"title": "reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF", "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2022-11-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site."}], "affected": [{"vendor": "Unknown", "product": "reSmush.it : the only free Image Optimizer & compress plugin", "versions": [{"version": "0.4.4", "status": "affected", "lessThan": "0.4.4", "versionType": "custom"}]}], "references": [{"url": "https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537"}], "credits": [{"lang": "en", "value": "Raad Haddad of Cloudyrion GmbH"}], "problemTypes": [{"descriptions": [{"type": "CWE", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "lang": "en"}]}], "x_generator": "WPScan CVE Generator", "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.578Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:resmush.it:resmush.it_image_optimizer:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "77965192-1CDC-4C6B-A5E6-5F8680AF6354", "versionEndExcluding": "0.4.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site."}, {"lang": "es", "value": "El reSmush.it: el \u00fanico complemento gratuito Image Optimizer &amp; compress para WordPress anterior a 0.4.4 no realiza comprobaciones CSRF para ninguna de sus acciones AJAX, lo que permite a los atacantes enga\u00f1ar a los usuarios que han iniciado sesi\u00f3n para que realicen diversas acciones en su nombre en el sitio."}], "id": "CVE-2022-2449", "lastModified": "2022-11-16T19:00:07.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-14T15:15:19.013", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "contact@wpscan.com", "type": "Primary"}]}

{}