CVE-2022-2441
Published: 20 October 2023
Summary
CVE-2022-2441 is a high-severity CSRF (CWE-352) vulnerability in Orangelab Imagemagick Engine. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 16.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
Deeper analysis
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution through the cli_path parameter in versions up to and including 1.7.5. The flaw stems from insufficient validation and lack of CSRF protection when handling this parameter, which is used to invoke the external ImageMagick binary, allowing arbitrary command execution on the underlying server.
An unauthenticated attacker can exploit the issue by crafting a malicious request and tricking an authenticated administrator into clicking a link or performing another action that triggers the vulnerable code path. Successful exploitation grants the ability to execute arbitrary commands, create or modify files on the server, and establish persistent backdoor access.
Public references point to a WordPress plugin changeset that updated the affected code and to a Wordfence advisory that identifies the vulnerability and recommends updating to a patched release. The Exploit-DB entry and GitHub source links further document the vulnerable code locations around line 529 of imagemagick-engine.php.
EPSS scores for this CVE rose materially from low values after disclosure to a peak of 0.1965 on 2025-01-22 before receding to the current 0.0190, indicating that exploitation interest increased well after the initial publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34702
Vulnerability details
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.
- CWE(s): CWE-352 (Cross-Site Request Forgery)
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: backdoor
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Awareness training educates users on avoiding untrusted links and actions that can be exploited via CSRF.
- Requiring user re-entry of credentials for sensitive actions prevents automated forgery of requests without active user participation.
- Security testing regimens explicitly include checks for missing or ineffective anti-CSRF protections in web applications.
- Anomaly detection on request patterns flags requests consistent with cross-site request forgery.
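The two defects named in the Deeper analysis section (no CSRF protection and insufficient validation of a parameter that names an external binary) and the anti-CSRF control listed above can be illustrated with a hardened WordPress settings handler. The PHP below is an added example written for this page; it is not the plugin's code and not the fix from the referenced changeset or Wordfence advisory. Every function, option, hook and nonce name prefixed `ime_example_` is hypothetical, and the allowlisted binary paths are constructed for the example. The WordPress API calls (`current_user_can`, `check_admin_referer`, `wp_nonce_field`, `wp_unslash`, `update_option`, `selected`, `wp_safe_redirect`) are real.

```php
<?php
// Added example (hypothetical names): a hardened settings handler for a
// parameter that selects the ImageMagick binary. Checks run in the order
// capability -> nonce -> validation -> persistence, and the stored value is
// re-validated and shell-escaped at invocation time.

// Constructed allowlist: the only binary locations an administrator may pick.
const IME_EXAMPLE_ALLOWED_CLI_PATHS = array(
    '/usr/bin/convert',
    '/usr/local/bin/convert',
    '/usr/bin/magick',
);

/**
 * Validate a candidate cli_path. Returns the accepted path or null.
 * The value is never passed to a shell before it has been through here.
 */
function ime_example_validate_cli_path( $candidate ) {
    if ( ! is_string( $candidate ) ) {
        return null;
    }
    $candidate = trim( $candidate );
    // Absolute path made only of plain path characters: no spaces, quotes,
    // semicolons, pipes or other shell metacharacters survive this pattern.
    if ( ! preg_match( '#^/[A-Za-z0-9_./-]+$#', $candidate ) ) {
        return null;
    }
    if ( strpos( $candidate, '..' ) !== false ) {
        return null;
    }
    // Allowlist membership means the option can never point at a file an
    // attacker uploaded or at an arbitrary command string.
    if ( ! in_array( $candidate, IME_EXAMPLE_ALLOWED_CLI_PATHS, true ) ) {
        return null;
    }
    return $candidate;
}

/**
 * Save handler bound to the hypothetical admin_post_ime_example_save hook.
 */
function ime_example_handle_save() {
    // 1. Capability: only administrators may change where the binary lives.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. CSRF protection: the request must carry a nonce issued to this user
    //    for this action. A link an administrator is tricked into following
    //    cannot contain a valid one, so the request dies here.
    check_admin_referer( 'ime_example_save_settings', 'ime_example_nonce' );

    // 3. Validate before use; never store or execute the raw input.
    $raw  = isset( $_POST['cli_path'] ) ? wp_unslash( $_POST['cli_path'] ) : '';
    $path = ime_example_validate_cli_path( $raw );
    if ( null === $path ) {
        wp_die( 'Invalid ImageMagick path', '', array( 'response' => 400 ) );
    }
    update_option( 'ime_example_cli_path', $path );

    wp_safe_redirect( admin_url( 'options-general.php?page=ime-example&saved=1' ) );
    exit;
}
add_action( 'admin_post_ime_example_save', 'ime_example_handle_save' );

/**
 * Form rendering: the nonce the handler checks must be embedded here, and the
 * control is a select over the allowlist rather than a free-text field.
 */
function ime_example_render_form() {
    $current = get_option( 'ime_example_cli_path', '/usr/bin/convert' );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="ime_example_save">';
    wp_nonce_field( 'ime_example_save_settings', 'ime_example_nonce' );
    echo '<select name="cli_path">';
    foreach ( IME_EXAMPLE_ALLOWED_CLI_PATHS as $p ) {
        printf( '<option value="%s"%s>%s</option>', esc_attr( $p ), selected( $current, $p, false ), esc_html( $p ) );
    }
    echo '</select><button type="submit">Save</button></form>';
}

/**
 * Invocation: re-validate the stored option (defence in depth against a value
 * written by other means) and escape every argument before exec().
 */
function ime_example_convert( $input, $output ) {
    $bin = ime_example_validate_cli_path( get_option( 'ime_example_cli_path' ) );
    if ( null === $bin || ! is_executable( $bin ) ) {
        return false;
    }
    $cmd = escapeshellarg( $bin ) . ' ' . escapeshellarg( $input ) . ' ' . escapeshellarg( $output );
    exec( $cmd, $out, $status );
    return 0 === $status;
}
```

The point of re-validating in `ime_example_convert()` is that the option table is a second input channel: if any other code path (or a database-level change) writes a bad value, the invocation still refuses it. The nonce check alone would not have helped against the validation defect, and validation alone would not have stopped a forged request from changing an allowlisted setting; a security test for this control should exercise both a request with a missing nonce and a request with a well-formed nonce but an off-allowlist value.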