Medium severity6.5NVD Advisory· Published Nov 14, 2022· Updated Jun 17, 2026
CVE-2022-2449
CVE-2022-2449
Description
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/reSmush.it : the only free Image Optimizer & compress plugindescription
- Range: <0.4.4
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/6e42f26b-3403-4d55-99ad-2c8e2d76e537nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.