ByteOS Network

aspengrovestudios

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-4592

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-4.3||MEDIUM

EPSS-0.05% / 14.37%

7 Day CHG~0.00%

Published-14 Jun, 2025 | 08:23

Updated-08 Apr, 2026 | 16:56

AI Image Lab – Free AI Image Generator <= 1.0.6 - Cross-Site Request Forgery to API Key Update

The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendor-aspengrovestudios

Product-AI Image Lab – Free AI Image Generator

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-4873

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-4.3||MEDIUM

EPSS-0.14% / 33.00%

7 Day CHG~0.00%

Published-19 Jun, 2024 | 03:12

Updated-15 Apr, 2026 | 00:35

Replace Image <= 1.1.10 - Insecure Direct Object Reference

The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins.

Vendor-aspengrovestudios

Product-Replace Image

CWE ID-CWE-639

Authorization Bypass Through User-Controlled Key