漏洞标题
N/A
漏洞描述信息
The Instant Images - One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options updates due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
漏洞类别
跨站请求伪造(CSRF)
漏洞标题
N/A
漏洞描述信息
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
WordPress plugin Instant Images 安全漏洞
漏洞描述信息
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Instant Images 6.1.0 版本及之前版本存在安全漏洞,该漏洞源于检查不充分,忽略验证更新的选项是否属于的即时图像/许可证 REST API 端点上的插件,导致未经授权的任意选项更新的影响。
CVSS信息
N/A
漏洞类别
其他