CVE-2021-24334: Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS

Vendor: Unknown
Product: Instant Images – One Click Unsplash Uploads
Weakness: CWE-79 · XSS
Published: June 1, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue.

Key dates

02 Disclosure timeline

June 1, 2021: CVE published
August 3, 2024: Record updated