CVE-2024-0869

HIGH

Instant Images - One Click Image Uploads from Unsplash, Openverse, ...

Description

The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. CVE-2024-33569 appears to be a duplicate of this issue.

Scores

CVSS v3 8.8
EPSS 0.0079
EPSS Percentile 51.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (2)
connekthq/Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy < 6.1.0
connekthq/instant_images_-_one_click_unsplash_uploads < 6.1.0
Published Feb 05, 2024
Tracked Since Feb 18, 2026