Cyber Resilience

CVE-2022-2441

Severity: High
Public PoC: yes

Published: 20 October 2023
Modified: 08 April 2026
KEV Added: not listed
Patch: a patched release is available (see Deeper analysis)
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.0190 (83.6th percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-2441 is a high-severity cross-site request forgery (CSRF, CWE-352) vulnerability in the Orangelab ImageMagick Engine plugin for WordPress that escalates to remote command execution on the web server. Its CVSS v3.1 base score is 8.8 (High).

Operationally, it ranks in the top 16.4% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The site's automated classifier tags this vulnerability as "Other AI Platforms", but the only basis is a keyword match on "backdoor" in the vulnerability description (see AI Security Analysis below). The affected component is an image-processing plugin with no AI functionality, so the tag is a keyword false positive and should not drive AI-specific triage.

Deeper analysis

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution through the cli_path parameter in versions up to and including 1.7.5. The parameter holds the path of the external ImageMagick binary the plugin invokes. The vulnerable code neither validates that value nor protects the request that sets it with an anti-CSRF nonce, so an attacker-controlled string reaches the command line used to run the binary and arbitrary commands execute on the underlying server.

Because the request is forgeable, the attacker needs no account of their own: they host a page or link that submits the malicious request and trick a logged-in administrator into visiting it, which is what the CVSS vector's PR:N and UI:R express. The victim's browser attaches the admin session cookie, so the plugin treats the forged request as legitimate. Successful exploitation grants arbitrary command execution in the web server's context, the ability to create or modify files on the server, and a straightforward path to persistent backdoor access.
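As an added illustration, and not the plugin's own code or anything taken from the referenced changeset, the PHP below contrasts the unsafe shape described above (request value straight into a shell command, no anti-CSRF token, no privilege check) with a hardened handler. The function names prefixed ime_demo_, the constants, the HMAC session-token scheme and the allowlist of binary locations are hypothetical; in a real WordPress plugin the token and privilege checks would be check_admin_referer() and current_user_can('manage_options').

```php
<?php
// Added example, not the ImageMagick Engine plugin's code. Names prefixed
// ime_demo_ and the constants below are hypothetical. Run with: php csrf_cli_path.php
declare(strict_types=1);

// ---- Unsafe shape: request value straight into a shell command, no anti-CSRF
// token, no privilege check. A page on any origin can make an admin's browser
// submit this request, and exec() runs the string through /bin/sh.
function ime_demo_test_path_unsafe(array $request): string
{
    $cli = (string) ($request['cli_path'] ?? '');
    exec($cli . ' -version 2>&1', $out);
    return implode("\n", $out);
}

// ---- Hardened shape.
const IME_DEMO_SECRET = 'replace-with-a-random-per-install-secret'; // hypothetical
const IME_DEMO_ALLOWED_DIRS = ['/usr/bin', '/usr/local/bin', '/opt/imagemagick/bin'];

// Per-session, per-action anti-CSRF token (WordPress equivalent: wp_create_nonce()).
function ime_demo_token(string $session_id, string $action): string
{
    return hash_hmac('sha256', $action . '|' . $session_id, IME_DEMO_SECRET);
}

// Accept only a plain absolute path to an existing executable whose resolved
// location is in an approved directory and whose name is an ImageMagick tool.
function ime_demo_validate_cli_path(string $cli): ?string
{
    if (!preg_match('#^/[A-Za-z0-9_./-]+$#', $cli)) {   // no spaces, quotes, ; | $ ` etc.
        return null;
    }
    $real = realpath($cli);                               // resolves symlinks and '..'
    if ($real === false || !is_file($real) || !is_executable($real)) {
        return null;
    }
    if (!in_array(dirname($real), IME_DEMO_ALLOWED_DIRS, true)
        || !preg_match('#^(convert|magick)#', basename($real))) {
        return null;                                      // tight allowlist; tune per install
    }
    return $real;
}

function ime_demo_test_path_hardened(array $request, string $session_id, bool $is_admin): string
{
    if (!$is_admin) {                                      // WordPress: current_user_can('manage_options')
        return 'error: insufficient privileges';
    }
    $token = $request['_token'] ?? '';
    if (!is_string($token) || !hash_equals(ime_demo_token($session_id, 'ime_test_path'), $token)) {
        return 'error: missing or invalid anti-CSRF token';   // WordPress: check_admin_referer()
    }
    $real = ime_demo_validate_cli_path((string) ($request['cli_path'] ?? ''));
    if ($real === null) {
        return 'error: cli_path is not an approved ImageMagick executable';
    }
    exec(escapeshellarg($real) . ' -version 2>&1', $out);  // quoted even after validation
    return implode("\n", $out);
}

// ---- Demo. The forged request is what a cross-site form would submit; the
// admin's browser attaches the session cookie, so $is_admin is true in both cases.
$forged = ['cli_path' => '/nonexistent; id #'];
echo "unsafe handler:\n", ime_demo_test_path_unsafe($forged), "\n\n";          // id runs
echo "hardened handler, forged request:\n",
     ime_demo_test_path_hardened($forged, 'sess-1', true), "\n\n";             // rejected: no token
$legit = ['cli_path' => '/usr/bin/convert',
          '_token'   => ime_demo_token('sess-1', 'ime_test_path')];
echo "hardened handler, legitimate request:\n",
     ime_demo_test_path_hardened($legit, 'sess-1', true), "\n";                // runs convert -version if installed
```

The three checks are independent and all three are needed: the token stops the forged request, the privilege check stops low-privilege accounts from setting the path at all, and the path validation plus escapeshellarg() mean that even a request which passes the first two cannot turn the setting into a command. Rejecting the forged request on the token check alone is what a fix for this CVE must achieve; the validation is defence in depth against any future way of setting the option.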

Public references point to a WordPress plugin changeset that updated the affected code and to a Wordfence advisory that identifies the vulnerability and recommends updating to a patched release. The Exploit-DB entry and GitHub source links further document the vulnerable code locations around line 529 of imagemagick-engine.php.

EPSS scores for this CVE rose from low values at disclosure to a peak of 0.1965 on 2025-01-22, roughly fifteen months after publication, before receding to the current 0.0190. Exploitation interest therefore grew well after the initial advisory, so sites that skipped the update at the time remained exposed to a rising, not falling, likelihood of attack.


Vulnerability details

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including, 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and/or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.

CWE(s)

CWE-352: Cross-Site Request Forgery (CSRF)

AI Security Analysis

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: backdoor


Affected Assets

Vendor: orangelab
Product: imagemagick engine (ImageMagick Engine plugin for WordPress)
Versions: ≤ 1.7.5

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type (CWE-352) cited in the NVD entry and is generic CSRF guidance. The specific remediation is to update the plugin to a release later than 1.7.5, as the Wordfence advisory recommends; on the code side that means an anti-CSRF nonce check on the request that sets cli_path and validation of the value before it is used to build a command. Of the generic controls, only code-level anti-CSRF protection stops the attack outright; training, re-authentication and monitoring reduce likelihood or aid response.

Addresses CWE-352: Awareness training educates users on avoiding untrusted links and actions that can be exploited via CSRF.

Addresses CWE-352: Requiring re-entry of credentials for sensitive actions prevents automated forgery of requests without active user participation.

Addresses CWE-352: Security testing regimens explicitly include checks for missing or ineffective anti-CSRF protections in web applications.

Addresses CWE-352: Monitoring that detects anomalous request patterns consistent with cross-site request forgery.
