VYPR
Medium severity6.5NVD Advisory· Published Nov 14, 2022· Updated Jun 17, 2026

CVE-2022-2449

CVE-2022-2449

Description

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WordPress/reSmush.it : the only free Image Optimizer & compress plugindescription
  • Range: <0.4.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.