High severity 8.8 · NVD Advisory · Published Oct 20, 2023 · Updated Jun 17, 2026
CVE-2022-2441
Description
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including, 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and/or modify files hosted on the server, which can easily grant attackers backdoor access to the affected server.
Affected products
- cpe:2.3:a:orangelab:imagemagick_engine:*:*:*:*:*:wordpress:*:* (Range: <=1.7.5)
- Range: <=1.7.5
References
- github.com/orangelabweb/imagemagick-engine/blob/1.7.4/imagemagick-engine.php (nvd; Patch)
- github.com/orangelabweb/imagemagick-engine/blob/v.1.7.2/imagemagick-engine.php (nvd; Patch)
- plugins.trac.wordpress.org/changeset (nvd; Patch)
- www.exploit-db.com/exploits/51025 (nvd; Exploit, Third Party Advisory, VDB Entry)
- www.wordfence.com/threat-intel/vulnerabilities/id/b1f17a83-1df0-44fe-bd86-243cff6ec91b (nvd; Third Party Advisory)
- www.wordfence.com/vulnerability-advisories-continued/ (nvd; Third Party Advisory)