cleantalk
Vulnerabilities and Security Researches

reSmush.it : The original free image compressor and optimizer plugin, CVE-2022-2448

CVE, Research URL

CVE-2022-2448

Home page URL

Security reports for reSmush.it : The original free image compressor and optimizer plugin

Application

reSmush.it : The original free image compressor and optimizer plugin

Published on
Oct 11, 2022
Research Description
The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Affected versions
Min -, max 0.4.6.
Status
vulnerable
Previous vulnerability researches
reSmush.it : The original free image compressor and optimizer plugin (CVE-2022-2450) , Jun 07, 2024
reSmush.it : The original free image compressor and optimizer plugin (CVE-2022-2448) , Jun 07, 2024
reSmush.it : The original free image compressor and optimizer plugin (CVE-2022-2449) , Jun 07, 2024
New vulnerability
Abandoned Contact Form 7 (CVE-2025-52817) , Jun 29, 2025
Simple Payment (CVE-2025-6688) , Jun 29, 2025
SiteGuard WP Plugin , Jun 28, 2025
DirectIQ Email Marketing (CVE-2025-52829) , Jun 28, 2025
e.nigma buttons (CVE-2025-5535) , Jun 28, 2025