Vulnerabilities and security researches foreasy-author-image easy-author-image

Apr 15, 2026

CVE, Research URL: CVE-2026-1373
Home page URL: Security reports for Easy Author Image
Application: Easy Author Image
Date: Feb 19, 2026
Research Description: The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author_profile_picture_url' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.7.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 79fa8f492d7f28c4425b1902bfd74de74f041e65
Home page URL: Security reports for Easy Author Image
Application: Easy Author Image
Date: May 26, 2015
Research Description: Easy Author Image [easy-author-image] < 1.5.1 WordPress Easy Author Image Plugin <= 1.5 - Email Disclosure This plugin is prone to an email disclosure vulnerability. There is no fixing, because plugin is no longer be maintained.
Affected versions: max 1.5.1.
Status: vulnerable