VYPR

ImageMagick Engine

by WordPress

CVEs (2)

  • CVE-2022-2441HigOct 20, 2023
    risk 0.57cvss 8.8epss 0.01

    The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they…

  • CVE-2022-3568HigFeb 10, 2023
    risk 0.50cvss 8.8epss 0.01

    The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site…