CVE-2022-2450

CVE-2022-2450: reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls

Vendor Unknown
Product reSmush.it : the only free Image Optimizer & compress plugin
Weakness CWE-862 · Missing authorization
Published November 14, 2022
Last update April 30, 2025

CVSS base score

What the vulnerability does

01Description

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

Key dates

02Disclosure timeline

November 14, 2022 CVE published
April 30, 2025 Record updated