Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Raad Haddad in WordPress Featured Image from URL plugin (versions <= 3.9.9).
Update the WordPress Featured Image from URL plugin to the latest available version (at least 4.0.0).