The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2024, 19:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Connekthq
Connekthq instant Images - One Click Unsplash Uploads |
|
CPE | cpe:2.3:a:connekthq:instant_images_-_one_click_unsplash_uploads:*:*:*:*:*:wordpress:*:* | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php - Patch | |
References | () https://wordpress.org/plugins/instant-images/ - Product | |
References | () https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91 - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve - Third Party Advisory |
05 Feb 2024, 22:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-05 22:16
Updated : 2024-02-28 20:54
NVD link : CVE-2024-0869
Mitre link : CVE-2024-0869
CVE.ORG link : CVE-2024-0869
JSON object : View
Products Affected
connekthq
- instant_images_-_one_click_unsplash_uploads
CWE