CVE-2025-5818

CVE-2025-5818 affects the WordPress plugin Featured Image Plus – Quick & Bulk Edit with Unsplash. Technical details in connected docs confirm an authenticated SSRF in fip_get_image_options() impacting all versions up to 1.6.4 (Wordfence/NVD). Exploitation requires administrator-level access or hi...

CVE-2025-5818 Featured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery

The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.6 via the fipgetimageoptions function. This makes it possible for authenticated attackers, with administrator-level access and abov...

WordPress plugin Featured Image Plus – Quick & Bulk Edit with Unsplash 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Featured Image Plu...

PT-2025-30511 · WordPress · The Featured Image Plus – Quick & Bulk Edit With Unsplash

Name of the Vulnerable Software and Affected Versions: Featured Image Plus – Quick & Bulk Edit with Unsplash versions prior to 1.6.4 Description: The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is susceptible to Server-Side Request Forgery via the fip get image...

CVE-2025-4431

The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fipsaveattachfeatured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers...

CVE-2025-4431

CVE-2025-4431 affects the WordPress plugin Featured Image Plus – Quick & Bulk Edit with Unsplash . The root cause is a missing capability check in the function fip_save_attach_featured, enabling unauthorised modification of post featured images by authenticated users with Subscriber-level access ...

CVE-2025-4431 Featured Image Plus <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Featured Image Update

The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fipsaveattachfeatured function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers...

WordPress plugin Featured Image Plus – Quick & Bulk Edit with Unsplash 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin Featured...