The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-01-16T15:37:49.606Z

Updated: 2024-08-03T01:27:54.487Z

Reserved: 2022-11-21T13:53:21.113Z

Link: CVE-2022-4101

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-16T16:15:11.070

Modified: 2023-11-07T03:56:55.770

Link: CVE-2022-4101

cve-icon Redhat

No data.