WordPress Plugin Vulnerabilities

Smush < 3.16.5 - Subscriber+ Resmush List Deletion

Description

The plugin is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen or the Media Library.

Affects Plugins

Plugin icon
wp-smushit
Fixed in 3.16.5

References

CVE
CVE-2023-3352
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/dfbaa3e4-40c2-41d8-996c-232e27a04b73

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Truoc Phan, An Đặng
Verified
No
WPVDB ID
2b653715-c524-4979-bfdb-7a8d09f132d2

Timeline

Publicly Published
2024-06-20 (about 1 year ago)
Added
2024-06-24 (about 1 year ago)
Last Updated
2024-06-24 (about 1 year ago)

Other

Published
Title
Published
2024-04-09
Title
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings
Published
2024-08-26
Title
WP Crowdfunding < 2.1.11 - Missing Authorization to Authenticated (Subscriber+) to Enable/Disable Addons
Published
2024-10-10
Title
Linkz.ai < 1.2.0 - Unauthenticated Plugin Settings Update
Published
2025-12-31
Title
Reuters Direct <= 3.0.0 - Missing Authorization
Published
2025-10-30
Title
Booster for WooCommerce < 7.5.0 - Missing Authorization