Skip to main content

Imageinject

3 CVEs product

Monthly

CVE-2022-4243 MEDIUM POC This Month

The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Imageinject
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2018-5285 HIGH POC This Week

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Imageinject
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-5284 MEDIUM POC This Month

The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Imageinject
NVD GitHub
CVSS 3.0
4.8
EPSS
0.8%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Imageinject
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy