CVE-2026-25010
Missing Authorization in Share This Image Plugin Allows Unauthorized Access
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | share_this_image | to 2.09 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-25010 is a broken access control vulnerability in the WordPress plugin "Share This Image" versions 2.09 and earlier.'}, {'type': 'paragraph', 'content': 'The issue arises from missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions reserved for higher-privileged users.'}, {'type': 'paragraph', 'content': 'This vulnerability falls under the OWASP Top 10 category A1: Broken Access Control.'}] [1]
How can this vulnerability impact me? :
Because the vulnerability allows unauthenticated users to perform actions meant for higher-privileged users, it can lead to unauthorized access or modification of content or settings within the plugin.
However, the CVSS severity score is 5.3, indicating a low priority and low impact threat, and it is considered unlikely to be exploited.
Users are advised to update to version 2.10 or later to mitigate the risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves missing authorization checks in the WordPress plugin "Share This Image" versions 2.09 and earlier, allowing unauthenticated users to perform privileged actions.'}, {'type': 'paragraph', 'content': 'Detection typically involves checking the plugin version installed on your WordPress site and monitoring for unauthorized access attempts to functions that should require higher privileges.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires no privileges to exploit, you can detect it by verifying the plugin version via WordPress admin or by scanning the plugin files.'}, {'type': 'list_item', 'content': 'Use WP-CLI to check the installed version: wp plugin list | grep share-this-image'}, {'type': 'list_item', 'content': 'Check HTTP access logs for suspicious unauthenticated requests to plugin endpoints or functions.'}, {'type': 'list_item', 'content': 'Use vulnerability scanners that detect outdated WordPress plugins.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the "Share This Image" WordPress plugin to version 2.10 or later, where this vulnerability is fixed.'}, {'type': 'paragraph', 'content': 'If immediate updating is not possible, consider disabling the plugin temporarily to prevent exploitation.'}, {'type': 'paragraph', 'content': 'Additionally, enable automatic updates for WordPress plugins if supported, to ensure rapid protection against such vulnerabilities.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a broken access control issue allowing unauthenticated users to perform actions reserved for higher-privileged users. Such unauthorized access could potentially lead to unauthorized data exposure or modification.
While the CVE description and resources do not explicitly mention compliance with standards like GDPR or HIPAA, broken access control vulnerabilities generally pose risks to data confidentiality and integrity, which are critical aspects of these regulations.
Therefore, if exploited, this vulnerability could negatively impact compliance with regulations that require strict access controls and protection of sensitive data.