CVE-2022-2091 – Cache Images < 3.2.1 - Image Upload / Import via CSRF

https://notcve.org/view.php?id=CVE-2022-2091

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. El plugin Cache Images de WordPress versiones anteriores a 3.2.1, no implementa comprobaciones de nonce, lo que podría permitir a atacantes hacer que cualquier usuario registrado cargue imágenes por medio de un ataque de tipo CSRF The Cache Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing nonce validation on the cache_images_ajax() function. This makes it possible for unauthenticated attackers to upload images via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/03e7c2dc-1c6d-4cff-af59-6b41ead74978 • CWE-352: Cross-Site Request Forgery (CSRF) •