Vulnerability Description
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen or the Media Library.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/3105107/wp-smushit/trunk/app/class-
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dfbaa3e4-40c2-41d8-996
- https://plugins.trac.wordpress.org/changeset/3105107/wp-smushit/trunk/app/class-
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dfbaa3e4-40c2-41d8-996
FAQ
What is CVE-2023-3352?
CVE-2023-3352 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authentica...
How severe is CVE-2023-3352?
CVE-2023-3352 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3352?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.