CVE-2024-0869

The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.
Configurations

Configuration 1 (hide)

cpe:2.3:a:connekthq:instant_images_-_one_click_unsplash_uploads:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:47

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 8.8
References () https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91 - Product () https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91 - Product
References () https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php - Patch () https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php - Patch
References () https://wordpress.org/plugins/instant-images/ - Product () https://wordpress.org/plugins/instant-images/ - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve - Third Party Advisory

13 Feb 2024, 19:45

Type Values Removed Values Added
First Time Connekthq
Connekthq instant Images - One Click Unsplash Uploads
CPE cpe:2.3:a:connekthq:instant_images_-_one_click_unsplash_uploads:*:*:*:*:*:wordpress:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php - () https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php - Patch
References () https://wordpress.org/plugins/instant-images/ - () https://wordpress.org/plugins/instant-images/ - Product
References () https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91 - () https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve - Third Party Advisory

05 Feb 2024, 22:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-05 22:16

Updated : 2024-11-21 08:47


NVD link : CVE-2024-0869

Mitre link : CVE-2024-0869

CVE.ORG link : CVE-2024-0869


JSON object : View

Products Affected

connekthq

  • instant_images_-_one_click_unsplash_uploads