CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0869 – Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2024-0869
29 Jan 2024 — The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. El complemento Instant Images – One Click Image Uploads from Unsplash, Openv... • https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91 • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24334 – Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS
https://notcve.org/view.php?id=CVE-2021-24334
17 May 2021 — The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue. El plugin de WordPress Instant Images - One Click Unsplash Uploads versiones anteriores a 4.4.0.1, no comprobaba ni saneababa correctamente la configuración de los parámetros unspla... • https://m0ze.ru/vulnerability/%5B2021-04-22%5D-%5BWordPress%5D-%5BCWE-79%5D-Instant-Images-WordPress-Plugin-v4.4.0.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •