Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.
AnalysisAI
Missing authorization in ILLID Share This Image WordPress plugin through version 2.12 allows unauthenticated remote attackers to access restricted functionality due to incorrectly configured access control, resulting in low-impact information disclosure. The vulnerability carries a moderate CVSS score of 5.3 but very low real-world exploitation probability (EPSS 0.02%, percentile 4%), suggesting this is a configuration or design flaw with limited practical impact rather than a critical security issue.
Technical ContextAI
This vulnerability stems from CWE-862 (Missing Authorization), a class of flaw where a product fails to enforce access control checks before allowing sensitive operations. In the context of the Share This Image WordPress plugin (a media sharing utility), the vulnerability manifests as inadequately protected endpoints or functions that perform actions or return data without properly verifying user permissions. WordPress plugins implementing such functionality typically use action hooks and nonce verification; missing or misconfigured nonce checks or improper use of current_user_can() are common root causes. The affected product is the WordPress plugin identified by CPE cpe:2.3:a:illid:share_this_image, which serves as a publishing or distribution mechanism for images across web platforms.
RemediationAI
Update the Share This Image plugin to a version greater than 2.12; consult the official ILLID or WordPress plugin repository for the latest patched release. Pending vendor patch availability confirmation, administrators should review plugin access control configurations, ensure nonce verification is enabled on all sensitive plugin functions, and verify that WordPress capability checks using current_user_can() are applied consistently across image-sharing endpoints. The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/share-this-image/vulnerability/wordpress-share-this-image-plugin-2-12-broken-access-control-vulnerability provides additional context and may include workaround details or vendor patch announcements.
More in Share This Image
View allThe Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. Rat
Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This Image share-this-image allows Server Side Request F
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shor
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20207
GHSA-3896-29g2-49jx