CVE-2022-4101 - Vulnerability Details - OpenCVE

ReportizFlow

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Images Optimize And Upload Cf7 Project	Images Optimize And Upload Cf7

Configuration 1 [-]

cpe:2.3:a:images_optimize_and_upload_cf7_project:images_optimize_and_upload_cf7:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb

History

Fri, 04 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-01-16T15:37:49.606Z

Updated: 2025-04-04T18:24:43.550Z

Reserved: 2022-11-21T13:53:21.113Z

Link: CVE-2022-4101

Vulnrichment

Updated: 2024-08-03T01:27:54.487Z

NVD

Status : Modified

Published: 2023-01-16T16:15:11.070

Modified: 2025-04-04T19:15:42.527

Link: CVE-2022-4101

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4101", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2022-11-21T13:53:21.113Z", "datePublished": "2023-01-16T15:37:49.606Z", "dateUpdated": "2025-04-04T18:24:43.550Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-16T15:37:49.606Z"}, "title": "Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion", "problemTypes": [{"descriptions": [{"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Images Optimize and Upload CF7", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThanOrEqual": "2.1.4"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack."}], "references": [{"url": "https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "cydave", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.487Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-04T18:24:12.796160Z", "id": "CVE-2022-4101", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T18:24:43.550Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.487Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-4101", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-04T18:24:12.796160Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T18:24:37.987Z"}}], "cna": {"title": "Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "cydave"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Images Optimize and Upload CF7", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.1.4"}], "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-16T15:37:49.606Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4101", "state": "PUBLISHED", "dateUpdated": "2025-04-04T18:24:43.550Z", "dateReserved": "2022-11-21T13:53:21.113Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2023-01-16T15:37:49.606Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:images_optimize_and_upload_cf7_project:images_optimize_and_upload_cf7:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "53EE002D-6784-4F1F-A7EE-C9B976B7143E", "versionEndIncluding": "2.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack."}, {"lang": "es", "value": "El complemento Images Optimize and Upload CF7 de WordPress hasta la versi\u00f3n 2.1.4 no valida el archivo que se eliminar\u00e1 mediante una acci\u00f3n AJAX disponible para usuarios no autenticados. Esto podr\u00eda permitirles eliminar archivos arbitrarios en el servidor mediante un ataque de path traversal."}], "id": "CVE-2022-4101", "lastModified": "2025-04-04T19:15:42.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-16T16:15:11.070", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified"}