2 matches found
CVE-2021-24334
The CVE concerns the WordPress plugin Instant Images – One Click Unsplash Uploads,
CVE-2021-24334 Instant Images WordPress Plugin < 4.4.0.1 - Authenticated Stored XSS & XFS
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplashdownloadw and unsplashdownloadh parameter settings /wp-admin/upload.php?page=instant-images, only validating them client side before saving them, leading to a Stored...