CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33569 – WordPress Instant Images plugin <= 6.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-33569
17 May 2024 — Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0. Una vulnerabilidad de gestión de privilegios incorrecta en Darren Cooney Instant Images permite una escalada de privilegios. Este problema afecta a Instant Images: desde n/a hasta 6.1.0. • https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-plugin-6-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0869 – Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2024-0869
29 Jan 2024 — The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. El complemento Instant Images – One Click Image Uploads from Unsplash, Openv... • https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91 • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27451 – WordPress Instant Images Plugin <= 5.1.0.2 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-27451
02 Mar 2023 — Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions. Vulnerabilidad de Server-Side Request Forgery (SSRF) en el complemento Darren Cooney Instant Images en versiones <=5.1.0.2. The Instant Images plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 5.1.0.1via the instant_images_download function. This can allow authenticated attackers, with author-level permissions and above, to make web requests to arb... • https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24334 – Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS
https://notcve.org/view.php?id=CVE-2021-24334
17 May 2021 — The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue. El plugin de WordPress Instant Images - One Click Unsplash Uploads versiones anteriores a 4.4.0.1, no comprobaba ni saneababa correctamente la configuración de los parámetros unspla... • https://m0ze.ru/vulnerability/%5B2021-04-22%5D-%5BWordPress%5D-%5BCWE-79%5D-Instant-Images-WordPress-Plugin-v4.4.0.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •