vulnerability
WordPress Plugin: wp-image-zoooom: CVE-2018-1000510: Cross-Site Request Forgery (CSRF)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Mar 29, 2018 | May 15, 2025 | Apr 29, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
Mar 29, 2018
Added
May 15, 2025
Modified
Apr 29, 2026
Description
WP Image Zoom version 1.23 contains a Incorrect Access Control vulnerability in AJAX settings that can result in allows anybody to cause denial of service. This attack appear to be exploitable via Can be triggered intentionally (or unintentionally via CSRF) by any logged in user. This vulnerability appears to have been fixed in 1.24.
Solution
wp-image-zoooom-plugin-cve-2018-1000510
References
- https://www.cve.org/CVERecord?id=CVE-2018-1000510
- https://www.wordfence.com/threat-intel/vulnerabilities/id/312bb534-2a40-42f1-9a3e-8b1395e1e199?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-1908
- CVE-2018-100051
- https://attackerkb.com/topics/CVE-2018-100051
- CWE-732
- EUVD-EUVD-2018-1908
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.