CVE Vulnerabilities

CVE-2022-4101

Published: Jan 16, 2023 | Modified: Nov 07, 2023

CVSS 3.x

9.1

CRITICAL

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-4101
CWE	https://cwe.mitre.org/data/definitions/.html

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.

Affected Software

Name	Vendor	Start Version	End Version
Images_optimize_and_upload_cf7	Images_optimize_and_upload_cf7_project	*	2.1.4 (including)

References

https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.