Vulnerabilities > Connekthq > Instant Images ONE Click Unsplash Uploads > 4.1.0

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-05	CVE-2024-0869	Unspecified vulnerability in Connekthq Instant Images - ONE Click Unsplash Uploads The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. network low complexity connekthq	6.5
2021-06-01	CVE-2021-24334	Cross-site Scripting vulnerability in Connekthq Instant Images - ONE Click Unsplash Uploads The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue. network low complexity connekthq CWE-79	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.