Skip to main content

Share This Image CVE-2026-39563

| EUVDEUVD-2026-20207 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-3896-29g2-49jx
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20207
Analysis Generated
Apr 08, 2026 - 08:45 vuln.today
CVE Published
Apr 08, 2026 - 08:30 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.

AnalysisAI

Missing authorization in ILLID Share This Image WordPress plugin through version 2.12 allows unauthenticated remote attackers to access restricted functionality due to incorrectly configured access control, resulting in low-impact information disclosure. The vulnerability carries a moderate CVSS score of 5.3 but very low real-world exploitation probability (EPSS 0.02%, percentile 4%), suggesting this is a configuration or design flaw with limited practical impact rather than a critical security issue.

Technical ContextAI

This vulnerability stems from CWE-862 (Missing Authorization), a class of flaw where a product fails to enforce access control checks before allowing sensitive operations. In the context of the Share This Image WordPress plugin (a media sharing utility), the vulnerability manifests as inadequately protected endpoints or functions that perform actions or return data without properly verifying user permissions. WordPress plugins implementing such functionality typically use action hooks and nonce verification; missing or misconfigured nonce checks or improper use of current_user_can() are common root causes. The affected product is the WordPress plugin identified by CPE cpe:2.3:a:illid:share_this_image, which serves as a publishing or distribution mechanism for images across web platforms.

RemediationAI

Update the Share This Image plugin to a version greater than 2.12; consult the official ILLID or WordPress plugin repository for the latest patched release. Pending vendor patch availability confirmation, administrators should review plugin access control configurations, ensure nonce verification is enabled on all sensitive plugin functions, and verify that WordPress capability checks using current_user_can() are applied consistently across image-sharing endpoints. The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/share-this-image/vulnerability/wordpress-share-this-image-plugin-2-12-broken-access-control-vulnerability provides additional context and may include workaround details or vendor patch announcements.

Share

CVE-2026-39563 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy