Description
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.
Published: 2026-04-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Access Control Bypass
Action: Apply Patch
AI Analysis

Impact

The Share This Image plugin for WordPress suffers from a missing authorization flaw that allows an attacker to invoke privileged functions intended only for administrators or editors. This vulnerability can be abused to modify or delete content, view private data, or otherwise perform actions normally restricted to higher‑privilege users. The weakness is classified as CWE‑862, indicating an improper or missing access‑control check that undermines the intended security boundaries. Consequently, the plugin can expose confidential information, alter the integrity of site content, and potentially disrupt normal operation through unauthorized changes.

Affected Systems

All WordPress sites that have the Share This Image plugin installed with a version number less than or equal to 2.12 are affected. The plugin is distributed by ILLID; no additional vendor or product details are provided in the input.

Risk and Exploitability

The CVSS score of 5.3 categorizes this issue as moderate severity, while the EPSS score of less than 1% indicates a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be via unauthenticated or low‑privilege web requests targeting the plugin’s exposed admin endpoints; if an attacker discovers or guesses these URLs, they can execute privileged actions without needing elevated credentials.

Generated by OpenCVE AI on April 10, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Share This Image plugin to a version newer than 2.12, ideally the latest release after the vulnerability was disclosed.
  • If an upgrade is not immediately possible, disable or remove the plugin to eliminate the attack surface.
  • Restrict access to the plugin’s admin or action endpoints using network filtering or role‑based controls to limit exposure to trusted users.

Generated by OpenCVE AI on April 10, 2026 at 18:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Fri, 10 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Illid
Illid share This Image
Wordpress
Wordpress wordpress
Vendors & Products Illid
Illid share This Image
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.
Title WordPress Share This Image plugin <= 2.12 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Illid Share This Image
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:52:02.266Z

Reserved: 2026-04-07T10:48:32.434Z

Link: CVE-2026-39563

cve-icon Vulnrichment

Updated: 2026-04-10T16:51:02.870Z

cve-icon NVD

Status : Deferred

Published: 2026-04-08T09:16:27.493

Modified: 2026-04-29T10:17:28.400

Link: CVE-2026-39563

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:25:23Z

Weaknesses