cleantalk
Vulnerabilities and Security Researches

reSmush.it : The original free image compressor and optimizer plugin, CVE-2022-2449

CVE, Research URL

CVE-2022-2449

Home page URL

Security reports for reSmush.it : The original free image compressor and optimizer plugin

Application

reSmush.it : The original free image compressor and optimizer plugin

Published on
Nov 14, 2022
Research Description
The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.
Affected versions
Min -, max 0.4.7.
Status
vulnerable
Previous vulnerability researches
reSmush.it : The original free image compressor and optimizer plugin (CVE-2022-2450) , Jun 07, 2024
reSmush.it : The original free image compressor and optimizer plugin (CVE-2022-2448) , Jun 07, 2024
reSmush.it : The original free image compressor and optimizer plugin (CVE-2022-2449) , Jun 07, 2024
New vulnerability
Abandoned Contact Form 7 (CVE-2025-52817) , Jun 29, 2025
Simple Payment (CVE-2025-6688) , Jun 29, 2025
SiteGuard WP Plugin , Jun 28, 2025
DirectIQ Email Marketing (CVE-2025-52829) , Jun 28, 2025
e.nigma buttons (CVE-2025-5535) , Jun 28, 2025