Wpscoop: >> Imageinject >> 1.15 Security Vulnerabilities
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.001
Published
2022-12-26
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-01-08
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-01-08