Medium 4.3
2025-05-22
< 1.9.3
Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter
Minimum safe version
1.9.3
Update to 1.9.3 or later to address 3 fixable vulnerabilities
Hot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter
WordPress Hot Random Image Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-29796