Vulnerabilities (CVE)

Filtered by vendor Connekthq Subscribe
Filtered by product Instant Images - One Click Unsplash Uploads
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0869 1 Connekthq 1 Instant Images - One Click Unsplash Uploads 2024-02-28 N/A 6.5 MEDIUM
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.
CVE-2021-24334 1 Connekthq 1 Instant Images - One Click Unsplash Uploads 2024-02-28 3.5 LOW 5.4 MEDIUM
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue.