VYPR

Image Source Control

by WordPress

CVEs (2)

  • CVE-2024-13515MedJan 18, 2025
    risk 0.33cvss 6.1epss 0.00

    The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2021-24781Nov 1, 2021
    risk 0.00cvss epss 0.01

    The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)