CVE-2024-0869
HIGH
Instant Images - One Click Image Uploads from Unsplash, Openverse, ...
Title source: llm
Description
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. CVE-2024-33569 appears to be a duplicate of this issue.
Scores
CVSS v3
8.8
EPSS
0.0079
EPSS Percentile
51.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (2)
connekthq/Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy
< 6.1.0
connekthq/instant_images_-_one_click_unsplash_uploads
< 6.1.0
Published
Feb 05, 2024
Tracked Since
Feb 18, 2026