{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25010", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:51:50.023Z", "datePublished": "2026-02-03T14:08:38.599Z", "dateUpdated": "2026-04-28T16:14:53.281Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "share-this-image", "product": "Share This Image", "vendor": "ILLID", "versions": [{"changes": [{"at": "2.10", "status": "unaffected"}], "lessThanOrEqual": "2.09", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:58.298Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Share This Image: from n/a through <= 2.09.</p>"}], "value": "Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:53.281Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/share-this-image/vulnerability/wordpress-share-this-image-plugin-2-09-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Share This Image plugin <= 2.09 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T16:18:45.413583Z", "id": "CVE-2026-25010", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:45:13.185Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25010", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:51:50.023Z", "datePublished": "2026-02-03T14:08:38.599Z", "dateUpdated": "2026-04-28T12:45:13.185Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "share-this-image", "product": "Share This Image", "vendor": "ILLID", "versions": [{"changes": [{"at": "2.10", "status": "unaffected"}], "lessThanOrEqual": "2.09", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-28T13:26:35.201Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Share This Image: from n/a through <= 2.09.</p>"}], "value": "Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T12:10:48.347Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/share-this-image/vulnerability/wordpress-share-this-image-plugin-2-09-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Share This Image plugin <= 2.09 - Broken Access Control vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25010", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T16:18:45.413583Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T16:18:34.759Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en ILLID Share This Image share-this-image permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Share This Image: desde n/a hasta &lt;= 2.09."}], "id": "CVE-2026-25010", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-03T15:16:19.180", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/share-this-image/vulnerability/wordpress-share-this-image-plugin-2-09-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T01:13:05.793429+00:00", "value": {"mitigation_remediation": ["Upgrade the Share This Image plugin to a version that includes the access\u2011control fix, if such a release has been issued by the vendor.", "If an update is not yet available, disable or uninstall the plugin to eliminate the exposed interface.", "Alternatively, restrict the plugin\u2019s administrative page to authenticated administrators by configuring role\u2011based access controls or firewall rules on the site."], "summary": {"action": "Update plugin", "impact": "Broken access control"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Share This Image plugin version 2.09 or earlier are affected. No specific sub\u2011versions are listed beyond the <= 2.09 threshold.", "description_and_impact": "The Share This Image WordPress plugin contains a missing authorization flaw that lets attackers exploit incorrectly configured access control levels. This vulnerability permits unauthorized users to perform privileged operations such as manipulating or deleting shared images through the plugin\u2019s interface.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 5.3, indicating medium severity. The EPSS score is reported as < 1%, signifying a very low probability of exploitation at this time, and the issue is not listed in the KEV catalog. The likely attack path involves sending HTTP requests to the plugin\u2019s endpoints without proper authorization checks, thus enabling unauthorized access remotely."}}}}, "created": "2026-02-04T12:08:53.937495+00:00", "updated": "2026-04-16T01:15:20.536455+00:00", "vendors": ["illid", "illid$PRODUCT$share_this_image", "wordpress", "wordpress$PRODUCT$wordpress"]}