Filtered by vendor Connekthq
Subscribe
Filtered by product Instant Images - One Click Unsplash Uploads
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0869 | 1 Connekthq | 1 Instant Images - One Click Unsplash Uploads | 2024-11-21 | N/A | 8.8 HIGH |
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. | |||||
CVE-2021-24334 | 1 Connekthq | 1 Instant Images - One Click Unsplash Uploads | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue. |