Strix
26.1K

CVE-2022-4101

CRITICALCVSS 9.1/10EPSS 29.37%

Last modified

CVE-2022-4101 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.. EPSS estimates a 29.37% chance of exploitation in the next 30 days.

Description

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Probability
29.37%

97.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Images Optimize And Upload Cf7 ProjectImages Optimize And Upload Cf7<= 2.1.4

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-4101?
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.
How severe is CVE-2022-4101?
CVE-2022-4101 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 29.37% probability of exploitation in the next 30 days.
How do I fix CVE-2022-4101?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-4101?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST