CVE-2021-24334
Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
01 jun 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue.
Productos afectados
Unknown · Instant Images – One Click Unsplash Uploads