Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2024-0869 - Instant Images One Click Unsplash Uploads Plugin
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.
PLUGIN
Instant Images One Click Unsplash Uploads
CVE-2024-0869
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24334 - Instant Images One Click Unsplash Uploads Plugin
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue.
PLUGIN
Instant Images One Click Unsplash Uploads
CVE-2021-24334
Risk Score