CVE-2022-2449

CVE-2022-2449: reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF

Vendor Unknown

Product reSmush.it : the only free Image Optimizer & compress plugin

Weakness CWE-352 · CSRF

Published November 14, 2022

Last update April 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.

Key dates

02Disclosure timeline

November 14, 2022 CVE published

April 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2449 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-37985 WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2019-12636 Cisco Small Business Smart and Managed Switches Cross-Site Request Forgery Vulnerability CVE-2025-11442 JhumanJ OpnForm API Endpoint cross-site request forgery CVE-2025-58804 WordPress WooCommerce Single Page Checkout Plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2022-4021 Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery