27 matches found
CVE-2025-13393
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
CVE-2025-13393
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
CVE-2025-13393 Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url'
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
PT-2026-1702
Name of the Vulnerable Software and Affected Versions Featured Image from URL FIFU plugin for WordPress versions up to and including 5.3.1 Description The software contains a Server-Side Request Forgery issue due to inadequate validation of user-supplied URLs before they are passed to the...
VulnCheck KEV: CVE-2025-9985
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...
CVE-2025-7400 Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions up to, and including, 5.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2025-31214
Malicious code in bioql PyPI...
EUVD-2025-31211
Malicious code in bioql PyPI...
CVE-2025-9984
The Featured Image from URL FIFU plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifuapidebugposts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...
CVE-2025-10036
The Featured Image from URL FIFU plugin for WordPress is vulnerable to SQL Injection via the getallurls function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-9985 Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...
CVE-2025-9984
CVE-2025-9984 (FIFU, Featured Image from URL, WordPress) : The FIFU plugin is vulnerable to an unauthorized access exposure due to a missing capability check in fifu_api_debug_posts(). This allows unauthenticated attackers to read private/password protected posts in all versions up to 5.2.7. Conn...
CVE-2025-9984 Featured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure
The Featured Image from URL FIFU plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifuapidebugposts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...
CVE-2025-9984 Featured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure
The Featured Image from URL FIFU plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifuapidebugposts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...
CVE-2023-6561
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-37276 WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1...
CVE-2024-37276 WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1...
CVE-2024-37516 WordPress Featured Image from URL (FIFU) plugin <= 4.8.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2...
Cross site scripting
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifuinputurl parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1496 Featured Image from URL (FIFU) <= 4.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifuinputurl parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...