The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call them.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2450