GrandPlugins WordPress Image Sizes Controller Missing Authorization Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the GrandPlugins WordPress Image Sizes Controller plugin, specifically in versions through 1.0.9. This vulnerability allows users with subscriber privileges to create custom image sizes and disable certain image size settings, exploiting improperly configured access control measures.

Impact

Exploitation of this vulnerability could allow a subscriber-level user to perform actions that should be restricted to higher privilege levels, such as creating and managing custom image sizes.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GrandPlugins WordPress Image Sizes Controller Missing Authorization Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating