7 matches found
CVE-2026-9019
The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachmenturl' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-48394
The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachment url' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Easy Image Collage plugin <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by gnsehfvlr in WordPress Plugin Easy Image Collage versions <= 1.13.6...
CVE-2024-5863
The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaximagecollage function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
WordPress Easy Image Collage plugin <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Content Deletion vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Post Content Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Easy Image Collage versions <= 1.13.5...
WordPress plugin Easy Image Collage security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Easy Image Collage Plugin <= 1.13.5 is vulnerable to Broken Access Control
Software: Easy Image Collage; Type: Plugin; Vulnerable versions: <= 1.13.5; Fixed in: 1.13.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5863; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 9f1bcb932e47; Credits: Lucio Sá; Required privile...