CVE-2022-2241

🗓️ 01 Aug 2022 12:50:31Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 59 Views🌐 WEB

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 is prone to CSRF and stored XSS vulnerabilities

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-2241	1 Aug 202213:15	–	attackerkb
Circl	CVE-2022-2241	1 Aug 202216:16	–	circl
CNNVD	WordPress plugin Featured Image from URL (FIFU) 跨站请求伪造漏洞	1 Aug 202200:00	–	cnnvd
Cvelist	CVE-2022-2241 Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF	1 Aug 202212:50	–	cvelist
EUVD	EUVD-2022-34519	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2241	1 Aug 202213:15	–	nvd
Patchstack	WordPress Featured Image from URL plugin <= 3.9.9 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability	11 Jul 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	1 Aug 202213:15	–	prion
Positive Technologies	PT-2022-15412 · WordPress · Featured Image From Url	1 Aug 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-2241	22 May 202521:55	–	redhatcve

NVD

Vulners

Node

fifu featured_image_from_urlRange<4.0.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "Featured Image from URL (FIFU)",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57

Parameter	Position	Path	Description	CWE
fifu_input_photon	request body	/wp-admin/admin.php?page=featured-image-from-url	CSRF vulnerability allowing logged-in admin to update settings; potential Stored XSS via input value without proper validation/sanitisation	CWE-116

21 Nov 2024 07:00Current

6Medium risk

Vulners AI Score6

CVSS 3.16.1

EPSS0.00305

CWE-116