CVE-2024-0869

8.8 HIGH

📋 TL;DR

This vulnerability allows WordPress users with the 'author' role or higher to modify arbitrary site options through the Instant Images plugin's REST API endpoint. Attackers can change critical WordPress settings, potentially compromising site security. All WordPress sites using Instant Images plugin versions up to and including 6.1.0 are affected.

💻 Affected Systems

Products:
  • Instant Images WordPress Plugin
Versions: All versions up to and including 6.1.0
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Instant Images plugin enabled. Vulnerability affects all default configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover by modifying administrator credentials, enabling malicious plugins, or changing site configuration to redirect visitors to malicious sites.

🟠 Likely Case

Unauthorized modification of site settings, injection of malicious code, or privilege escalation by changing user roles and capabilities.

🟢 If Mitigated

Limited impact if proper access controls and monitoring are in place, with potential for unauthorized option changes but quick detection.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, and the vulnerability affects all sites with the vulnerable plugin installed.
🏢 Internal Only: MEDIUM - Internal WordPress installations are still vulnerable if users with author+ roles are compromised or malicious.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires at least author-level WordPress credentials. The vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.1

Vendor Advisory: https://wordpress.org/plugins/instant-images/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Instant Images' and click 'Update Now'.
4. Verify that the version shows 6.1.1 or higher.

🔧 Temporary Workarounds

Disable Instant Images Plugin

Platform: all

Temporarily disable the vulnerable plugin until patching is possible:

wp plugin deactivate instant-images

Restrict REST API Access

Platform: linux

Limit access to the vulnerable REST endpoint using .htaccess or web server configuration. Note that WordPress also serves REST routes through the ?rest_route= query parameter, so blocking only the /wp-json/ path is not sufficient:

# Add to the .htaccess in the WordPress root:
<IfModule mod_rewrite.c>
RewriteEngine On
# Block the pretty-permalink form of the endpoint
RewriteRule ^wp-json/instant-images/license - [F,L]
# Also block the query-string form (?rest_route=/instant-images/license), encoded or not
RewriteCond %{QUERY_STRING} rest_route=(/|%2F)instant-images(/|%2F)license [NC]
RewriteRule ^ - [F,L]
</IfModule>

🧯 If You Can't Patch

  • Implement strict access controls and monitor user activity, especially for author+ roles
  • Regularly audit WordPress options table for unauthorized changes and maintain backups

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Instant Images → Version. If version is 6.1.0 or lower, you are vulnerable.

Check Version:

wp plugin get instant-images --field=version

Verify Fix Applied:

After updating, verify Instant Images plugin shows version 6.1.1 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-json/instant-images/license endpoint
  • Unexpected modifications to wp_options table in database logs

Network Indicators:

  • HTTP POST requests to instant-images/license REST endpoint from unauthorized or unexpected sources

SIEM Query:

source="wordpress" AND (uri_path="/wp-json/instant-images/license" OR event_description="option_update")
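The log indicators above, turned into a small parser that flags state-changing requests to the license endpoint in Apache combined-format access logs. This is an added example, not code from the advisory or the plugin; the log lines are constructed, and it covers both the /wp-json/ path and the ?rest_route= query-string form (URL-encoded or not), which the SIEM query above does not match.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2024:09:12:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2024:09:12:05 +0000] "POST /wp-json/instant-images/license HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Feb/2024:09:13:40 +0000] "POST /?rest_route=%2Finstant-images%2Flicense HTTP/1.1" 200 87 "-" "curl/8.4.0"
198.51.100.2 - - [10/Feb/2024:09:13:41 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "curl/8.4.0"
"""

# Apache "combined" log format: ip ident user [timestamp] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# REST route of the vulnerable endpoint, as named in this advisory
ENDPOINT = "/instant-images/license"
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def targets_endpoint(target: str) -> bool:
    """True if the request target reaches the license route, either as
    /wp-json/instant-images/license (also under a subdirectory install)
    or via ?rest_route=/instant-images/license, possibly URL-encoded."""
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/").endswith("/wp-json" + ENDPOINT):
        return True
    routes = parse_qs(parts.query).get("rest_route", [])  # parse_qs already percent-decodes
    return any(unquote(r).rstrip("/") == ENDPOINT for r in routes)


def find_license_writes(log_text: str) -> list[dict]:
    """Return one finding (ip, timestamp, method, status, user agent) per
    state-changing request to the license endpoint; unparsable lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] in WRITE_METHODS and targets_endpoint(m["target"]):
            findings.append({k: m[k] for k in ("ip", "ts", "method", "status", "ua")})
    return findings


if __name__ == "__main__":
    for f in find_license_writes(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} -> {f['status']} ({f['ua']})")
```

Every hit should be correlated with the authenticated WordPress user and compared against the wp_options change history; a successful (2xx) write from an author-level account on an unpatched site is the event this advisory describes.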
