CVE-2022-2091 – Cache Images < 3.2.1 - Image Upload / Import via CSRF

https://notcve.org/view.php?id=CVE-2022-2091

20 Jun 2022 — The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. El plugin Cache Images de WordPress versiones anteriores a 3.2.1, no implementa comprobaciones de nonce, lo que podría permitir a atacantes hacer que cualquier usuario registrado cargue imágenes por medio de un ataque de tipo CSRF The Cache Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, ... • https://wpscan.com/vulnerability/03e7c2dc-1c6d-4cff-af59-6b41ead74978 • CWE-352: Cross-Site Request Forgery (CSRF) •