cleantalk
Vulnerabilities and Security Researches

Easy Image Collage, CVE-2024-5863

CVE, Research URL

CVE-2024-5863

Home page URL

Security reports for Easy Image Collage

Application

Easy Image Collage

Published on
Jun 28, 2024
Research Description
The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to erase all of the content in arbitrary posts.
Affected versions
max 1.13.6.
Status
vulnerable
Previous vulnerability researches
Easy Image Collage (CVE-2026-9019) , Jun 12, 2026
Easy Image Collage (CVE-2024-5863) , Jun 29, 2024
New vulnerability
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-9125) , Jun 12, 2026
Extra Fees Plugin for WooCommerce (CVE-2023-33999) , Jun 12, 2026
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery (CVE-2023-33999) , Jun 12, 2026
Form Vibes – Database Manager for Forms (CVE-2023-33999) , Jun 12, 2026
FormsCRM (CVE-2023-33999) , Jun 12, 2026