33 matches found
CVE-2025-13794
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkactiongeneratehandler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
CVE-2025-13794
CVE-2025-13794 affects the Auto Featured Image (Auto Post Thumbnail) WordPress plugin. Versions up to and including 4.2.1 are vulnerable due to a missing capability check in bulk_action_generate_handler, enabling an authenticated user with Contributor-level access or higher to delete or generate ...
CVE-2025-13794 Auto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail Modification
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkactiongeneratehandler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
CVE-2025-10145
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the uploadtolibrary function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests ...
WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery vulnerability
Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Auto Featured Image Auto Post Thumbnail versions = 4.1.7...
CVE-2025-10145
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7073. Reason: This candidate is a reservation duplicate of CVE-2023-7073. Notes: All CVE users should reference CVE-2023-7073 instead of this candidate. All references and descriptions in this candidate have been remov...
CVE-2025-10145
CVE-2025-10145 entry is rejected; refer to CVE-2023-7073 instead.
EUVD-2021-11844
Malware in sbrugna...
EUVD-2024-31345
Malicious code in bioql PyPI...
CVE-2024-38719 WordPress Auto Featured Image plugin <= 4.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Creative Motion Auto Featured Image Auto Post Thumbnail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through 4.1.2...
CVE-2024-38719
CVE-2024-38719 is a real, publicly documented vulnerability affecting the WordPress plugin Creative Motion Auto Featured Image (Auto Post Thumbnail) up to version 4.1.2 . The root cause is a Missing/Incorrectly Configured Authorization that allows exploitation of access control weaknesses in the ...
WordPress plugin Auto Featured Image (Auto Post Thumbnail) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
PT-2024-28164 · Creative Motion · Creative Motion Auto Featured Image
Name of the Vulnerable Software and Affected Versions: Creative Motion Auto Featured Image Auto Post Thumbnail versions 4.1.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels...
WordPress plugin Auto Featured Image from Title 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
WordPress Auto Featured Image from Title Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
Software Auto Featured Image from Title Type Plugin Vulnerable versions = 2.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8786 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2889e0c9e9d2 Credits vgo0...
WordPress Auto Featured Image (Auto Post Thumbnail) Plugin <= 4.1.2 is vulnerable to Broken Access Control
Software Auto Featured Image Auto Post Thumbnail Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38719 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 17fc0a0c63f8 Credits Joshu...
CVE-2024-6054
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'createpostattachmentfromurl' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above...
WordPress Auto Featured Image Plugin <= 1.2 is vulnerable to Arbitrary File Upload
Software Auto Featured Image Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6054 Patch priority Low CVSS severity Low 9.9 Developer Claim ownership PSID 82feedc389d9 Credits István Márton Required privilege Contribut...
CVE-2023-7073
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the uploadtolibrary AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web reques...
CVE-2023-7073 Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the uploadtolibrary AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web reques...