CVE-2022-2450 The reSmush.it: the only free Image Optimizer & compress plugin before 0.4.4 lacks authorization, which allows subscribers to call it.
Even though reSmush.it has an “Authorization” setting, it has no enforcement method, meaning that anyone with the ability to set this option can use the plugin. As a result, the plugin could be abused by hackers. reSmush.it is not the only image optimization plugin on the market with this issue. Another popular plugin is called WP Smush.
The WP Smush team released a security update on their plugin to fix this issue.
How to check if your WordPress website has a potential vulnerability
If you have the WP Smush plugin installed on your WordPress website, there are a few things you can do to check if it has been compromised. First, you should check in your WordPress admin panel by looking at your Plugins page to see if reSmush.it is installed. If it is, there will be no “Authorization” setting.
Next, go to your web hosting provider and search for the file with reSmush.it's name as well as "reSmush". The file should contain this text: "Authorization=1" (without quotation marks) which means that the plugin has an "Authorization" setting.
If these steps did not provide any information about whether or not reSmush was installed on your site, then you will need to contact your web host and have them look into what happened.
How to check if your WordPress site has a reSmush.it plugin installed
Login to your WordPress site using SSH and run the following command:
find / -name "reSmush.it"
If you find reSmush.it in your search results, this indicates that you have been affected by the CVE-2022-2450 vulnerability.
If you do not find reSmush.it, then you are safe from this issue.
Timeline
Published on: 11/14/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:00:00 UTC