The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-02-05T21:21:34.214Z
Updated: 2024-07-05T17:21:33.912Z
Reserved: 2024-01-24T19:23:08.086Z
Link: CVE-2024-0869
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-05T22:16:06.267
Modified: 2024-02-13T19:45:09.783
Link: CVE-2024-0869
JSON object: View
Redhat Information
No data.
CWE