CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/11/08 9:28 a.m.•11 views

CVE-2025-11980

CVE-2025-11980 affects the WordPress Quick Featured Images plugin prior to 13.7.4. The vulnerability is an SQL Injection in the delete_orphaned function due to insufficient escaping and unsafe SQL construction. Exploitation requires Editor+ privileges and user interaction (an author-level user mu...

4.9CVSS6.1AI score0.00033EPSS

CNNVD•added 2025/11/08 12:0 a.m.•2 views

WordPress plugin Quick Featured Images SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A SQL injection...

4.9CVSS7.6AI score0.00033EPSS

Exploits0References5

Positive Technologies•added 2025/11/08 12:0 a.m.•1 views

PT-2025-45562

Name of the Vulnerable Software and Affected Versions Quick Featured Images plugin for WordPress versions prior to 13.7.4 Description The Quick Featured Images plugin for WordPress is susceptible to SQL Injection through the delete orphaned function. This is due to inadequate escaping of...

4.9CVSS7AI score0.00033EPSS

Exploits0References7

CNVD•added 2025/10/21 12:0 a.m.•2 views

WordPress Quick Featured Images plugin unsafe direct object reference vulnerability

WordPress Quick Featured Images plugin is a plugin for bulk editing and replacing featured images in WordPress. WordPress Quick Featured Images plugin suffers from an insecure direct object reference vulnerability that stems from the lack of validation of user control keys in the qfisetthumbnail...

4.3CVSS6.9AI score0.00034EPSS

Exploits0References1

RedhatCVE•added 2025/10/16 5:52 a.m.•3 views

CVE-2025-11176

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfisetthumbnail and qfideletethumbnail AJAX actions due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS5.6AI score0.00034EPSS

Exploits0References1

CVE•added 2025/10/15 5:23 a.m.•5 views

CVE-2025-11176

CVE-2025-11176 affects the WordPress plugin “Quick Featured Images” (versions up to 13.7.2). The vulnerability is an Insecure Direct Object Reference (IDOR) in the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions caused by missing validation of a user-controlled key. This allows authentica...

4.3CVSS5.3AI score0.00034EPSS

Cvelist•added 2025/10/15 5:23 a.m.•4 views

CVE-2025-11176 Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation

4.3CVSS0.00034EPSS

Vulnrichment•added 2025/10/15 5:23 a.m.•2 views

CVE-2025-11176 Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation

4.3CVSS5.3AI score0.00034EPSS

Patchstack•added 2025/10/15 12:17 a.m.•5 views

WordPress Quick Featured Images plugin <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation vulnerability

Insecure Direct Object Reference to Image Manipulation vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Quick Featured Images versions = 13.7.2...

4.3CVSS7AI score0.00034EPSS

Exploits0References1Affected Software1

CNNVD•added 2025/10/15 12:0 a.m.•1 views

WordPress plugin Quick Featured Images 安全漏洞

4.3CVSS6.8AI score0.00034EPSS

Positive Technologies•added 2025/10/15 12:0 a.m.•2 views

PT-2025-42230

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi set thumbnail and qfi delete thumbnail AJAX actions due to missing validation on a user controlled key. This makes it possible for authenticate...

4.3CVSS5.7AI score0.00034EPSS

NVD•added 2024/04/23 8:15 a.m.•10 views

CVE-2024-3664

The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setthumbnail and deletethumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with...

4.3CVSS4.3AI score0.00069EPSS

Vulnrichment•added 2024/04/23 7:36 a.m.•10 views

CVE-2024-3664 Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting

4.3CVSS5.9AI score0.00069EPSS

CVE•added 2024/04/23 7:36 a.m.•50 views

CVE-2024-3664

CVE-2024-3664 affects the Quick Featured Images plugin for WordPress. The vulnerability is due to a missing capability check in set_thumbnail and delete_thumbnail, affecting all versions up to 13.7.0. It allows authenticated attackers with contributor level access or higher to delete thumbnails a...

4.3CVSS6.3AI score0.00069EPSS

Cvelist•added 2024/04/23 7:36 a.m.•15 views

CVE-2024-3664 Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting

4.3CVSS4.6AI score0.00069EPSS

Patchstack•added 2024/04/23 2:58 a.m.•2 views

WordPress Quick Featured Images plugin <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Thumbnail Deletion/Setting vulnerability discovered by Lucio Sá in WordPress Plugin Quick Featured Images versions = 13.7.0...

4.3CVSS7AI score0.00069EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/04/23 12:0 a.m.•2 views

WordPress plugin Quick Featured Images 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.8AI score0.00069EPSS