[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyftC55ddxw8djoAr5POv21Nw0IuVphulrF1Kf-OZk08":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-4101","images-optimize-and-upload-cf7-missing-authorization-to-arbitrary-file-deletion","Images Optimize and Upload CF7 \u003C= 2.1.4 - Missing Authorization to Arbitrary File Deletion","The Images Optimize and Upload CF7 plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the yr_api_delete AJAX action available to unprivileged users in versions up to, and including, 2.1.4. This makes it possible for unauthenticated attackers to delete arbitrary files. This could be used to delete the wp-config.php file that would make complete site takeover relatively simple for an attacker.","images-optimize-and-upload-cf7",null,"\u003C=2.1.4","2.2.1","critical",9.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","Missing Authorization","2022-12-21 00:00:00","2025-06-02 19:03:28",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd8fb20fb-a795-4ab0-9614-6ae6ac4f2eda?source=api-prod",895]