8 matches found
PT-2025-49202
Name of the Vulnerable Software and Affected Versions Featured Image via URL plugin for WordPress versions prior to 0.1 Description The plugin is susceptible to arbitrary file uploads because of a lack of file type validation. Attackers with Contributor-level access or higher can upload any file ...
WordPress plugin Featured Image via URL 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
CVE-2025-7400
CVE-2025-7400 – Featured Image from URL (FIFU) for WordPress is a Stored Cross-Site Scripting flaw in all versions up to 5.2.7, exploitable by an authenticated attacker with Contributor-level access or higher via the post’s Featured Image custom fields. Root cause: insufficient input sanitization...
WordPress plugin Featured Image from URL 跨站脚本漏洞
WordPress Featured Image from URL plugin is a plugin for solving WordPress website featured image FeaturedImage related problems. The WordPress Featured Image from URL plugin suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of custom...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image from URL versions = 5.2.7...
CVE-2025-10037
The Featured Image from URL FIFU plugin for WordPress is vulnerable to SQL Injection via the getpostswithinternalfeaturedimage function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
WordPress plugin Featured Image from URL 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions = 5.2.7...