Description
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09.
Published: 2026-02-03
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken access control
Action: Update plugin
AI Analysis

Impact

The Share This Image WordPress plugin contains a missing authorization flaw that lets attackers exploit incorrectly configured access control levels. This vulnerability permits unauthorized users to perform privileged operations such as manipulating or deleting shared images through the plugin’s interface.

Affected Systems

WordPress sites running the Share This Image plugin version 2.09 or earlier are affected. No specific sub‑versions are listed beyond the <= 2.09 threshold.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.3, indicating medium severity. The EPSS score is reported as < 1%, signifying a very low probability of exploitation at this time, and the issue is not listed in the KEV catalog. The likely attack path involves sending HTTP requests to the plugin’s endpoints without proper authorization checks, thus enabling unauthorized access remotely.

Generated by OpenCVE AI on April 16, 2026 at 01:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Share This Image plugin to a version that includes the access‑control fix, if such a release has been issued by the vendor.
  • If an update is not yet available, disable or uninstall the plugin to eliminate the exposed interface.
  • Alternatively, restrict the plugin’s administrative page to authenticated administrators by configuring role‑based access controls or firewall rules on the site.

Generated by OpenCVE AI on April 16, 2026 at 01:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Illid
Illid share This Image
Wordpress
Wordpress wordpress
Vendors & Products Illid
Illid share This Image
Wordpress
Wordpress wordpress

Tue, 03 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 03 Feb 2026 14:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09.
Title WordPress Share This Image plugin <= 2.09 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Illid Share This Image
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:53.281Z

Reserved: 2026-01-28T09:51:50.023Z

Link: CVE-2026-25010

cve-icon Vulnrichment

Updated: 2026-02-03T16:18:34.759Z

cve-icon NVD

Status : Deferred

Published: 2026-02-03T15:16:19.180

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-25010

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T01:15:20Z

Weaknesses