{ "id": "CVE-2022-2449", "sourceIdentifier": "contact@wpscan.com", "published": "2022-11-14T15:15:19.013", "lastModified": "2024-11-21T07:01:00.797", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged-in users into performing various actions on their behalf on the site." }, { "lang": "es", "value": "El reSmush.it: el \u00fanico complemento gratuito Image Optimizer & compress para WordPress anterior a 0.4.4 no realiza comprobaciones CSRF para ninguna de sus acciones AJAX, lo que permite a los atacantes enga\u00f1ar a los usuarios que han iniciado sesi\u00f3n para que realicen diversas acciones en su nombre en el sitio." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "contact@wpscan.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-352" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:resmush.it:resmush.it_image_optimizer:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "0.4.7", "matchCriteriaId": "77965192-1CDC-4C6B-A5E6-5F8680AF6354" } ] } ] } ], "references": [ { "url": "https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537", "source": "contact@wpscan.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url":
"https://wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] } ] }