Skip to main content

Instant Images One Click Unsplash Uploads

2 CVEs product

Monthly

CVE-2024-0869 HIGH PATCH This Week

The Instant Images - One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Instant Images One Click Unsplash Uploads
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-24334 MEDIUM POC This Month

The Instant Images - One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Instant Images One Click Unsplash Uploads
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The Instant Images - One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Instant Images One Click Unsplash Uploads
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Instant Images - One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy