Search criteria
3 vulnerabilities found for Simple Image Sizes by Rahe
JVNDB-2025-000006
Vulnerability from jvndb - Published: 2025-01-28 13:44 - Updated:2025-01-28 13:44
Severity ?
Summary
WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting
Details
WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability (CWE-79).
Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000006.html",
"dc:date": "2025-01-28T13:44+09:00",
"dcterms:issued": "2025-01-28T13:44+09:00",
"dcterms:modified": "2025-01-28T13:44+09:00",
"description": "WordPress Plugin \"Simple Image Sizes\" provided by Rahe contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nIbuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000006.html",
"sec:cpe": {
"#text": "cpe:/a:misc:rahe_simple_image_sizes",
"@product": "Simple Image Sizes",
"@vendor": "Rahe",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000006",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN88046370/index.html",
"@id": "JVN#88046370",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-24810",
"@id": "CVE-2025-24810",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WordPress Plugin \"Simple Image Sizes\" vulnerable to cross-site scripting"
}
CVE-2025-24810 (GCVE-0-2025-24810)
Vulnerability from cvelistv5 – Published: 2025-01-28 04:36 – Updated: 2025-01-28 14:59
VLAI?
Summary
Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rahe | Simple Image Sizes |
Affected:
3.2.3 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:59:00.362003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:59:09.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Simple Image Sizes",
"vendor": "Rahe",
"versions": [
{
"status": "affected",
"version": "3.2.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T04:36:53.852Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/simple-image-sizes/#developers"
},
{
"url": "https://jvn.jp/en/jp/JVN88046370/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24810",
"datePublished": "2025-01-28T04:36:53.852Z",
"dateReserved": "2025-01-24T05:18:38.886Z",
"dateUpdated": "2025-01-28T14:59:09.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24810 (GCVE-0-2025-24810)
Vulnerability from nvd – Published: 2025-01-28 04:36 – Updated: 2025-01-28 14:59
VLAI?
Summary
Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rahe | Simple Image Sizes |
Affected:
3.2.3 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:59:00.362003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:59:09.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Simple Image Sizes",
"vendor": "Rahe",
"versions": [
{
"status": "affected",
"version": "3.2.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T04:36:53.852Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/simple-image-sizes/#developers"
},
{
"url": "https://jvn.jp/en/jp/JVN88046370/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24810",
"datePublished": "2025-01-28T04:36:53.852Z",
"dateReserved": "2025-01-24T05:18:38.886Z",
"dateUpdated": "2025-01-28T14:59:09.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}