CVE-2024-0869

EPSS 0.79%
Veröffentlicht 05.02.2024 22:16:06
Zuletzt bearbeitet 08.04.2026 17:17:26
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update

The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. CVE-2024-33569 appears to be a duplicate of this issue.

Mögliche Gegenmaßnahme

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy: Update to version 6.1.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Connekthq ≫ Instant Images - One Click Unsplash Uploads SwPlatformwordpress Version <= 6.1.0

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy

Version *-6.1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.514

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
security@wordfence.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91

Product

https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php

Patch

https://wordpress.org/plugins/instant-images/

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0869

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0869

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0869

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-0869