Vulnerabilities related to Rahe - Simple Image Sizes
jvndb-2025-000006
Vulnerability from jvndb
Published: 2025-01-28 13:44
Modified: 2025-01-28 13:44
Summary
WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting
Details
WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability (CWE-79).
Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Type | URL
---|---
JVN | https://jvn.jp/en/jp/JVN88046370/index.html
CVE | https://www.cve.org/CVERecord?id=CVE-2025-24810
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Vendor | Product
---|---
Rahe | Simple Image Sizes
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000006.html", "dc:date": "2025-01-28T13:44+09:00", "dcterms:issued": "2025-01-28T13:44+09:00", "dcterms:modified": "2025-01-28T13:44+09:00", "description": "WordPress Plugin \"Simple Image Sizes\" provided by Rahe contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nIbuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000006.html", "sec:cpe": { "#text": "cpe:/a:misc:rahe_simple_image_sizes", "@product": "Simple Image Sizes", "@vendor": "Rahe", "@version": "2.2" }, "sec:cvss": { "@score": "4.8", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" }, "sec:identifier": "JVNDB-2025-000006", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN88046370/index.html", "@id": "JVN#88046370", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24810", "@id": "CVE-2025-24810", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "WordPress Plugin \"Simple Image Sizes\" vulnerable to cross-site scripting" }
cve-2025-24810
Vulnerability from cvelistv5
Published: 2025-01-28 04:36
Modified: 2025-01-28 14:59
Summary
Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen.
References
Impacted products
Vendor | Product | Version
---|---|---
Rahe | Simple Image Sizes | Version: 3.2.3 and earlier
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-24810", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-28T14:59:00.362003Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-28T14:59:09.996Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Simple Image Sizes", "vendor": "Rahe", "versions": [ { "status": "affected", "version": "3.2.3 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen." } ], "metrics": [ { "cvssV3_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site scripting (XSS)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-28T04:36:53.852Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://wordpress.org/plugins/simple-image-sizes/#developers" }, { "url": "https://jvn.jp/en/jp/JVN88046370/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2025-24810", "datePublished": "2025-01-28T04:36:53.852Z", "dateReserved": "2025-01-24T05:18:38.886Z", "dateUpdated": "2025-01-28T14:59:09.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }