CVE-2018-5284 — CVSS 4.8 (medium): The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.
CVE-2022-4243 — CVSS 4.8 (medium): The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users…