CVE-2022-2450: 
WordPress vulnerability analysis and mitigation

The reSmush.it Image Optimizer WordPress plugin before version 0.4.4 contains a vulnerability identified as CVE-2022-2450. The vulnerability was discovered by Raad Haddad of Cloudyrion GmbH and was publicly disclosed on October 19, 2022. This security issue affects the plugin's AJAX actions functionality, where the application fails to properly implement authorization controls (WPScan).

The vulnerability is classified as a Missing Authorization (CWE-862) issue with a CVSS v3.1 Base Score of 4.3 (MEDIUM). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, and required low privileges (NVD).

The vulnerability allows any authenticated users, including those with low-privilege roles such as subscribers, to access and execute various AJAX actions that should be restricted to higher-privilege users. This creates a potential security risk where unauthorized users can interact with plugin functionalities they shouldn't have access to (WPScan).

The vulnerability has been fixed in version 0.4.4 of the reSmush.it Image Optimizer plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).