591 matches found

CVE
added 2025/12/05 5:31 a.m. | 13 views

CVE-2025-12153

CVE-2025-12153 affects the WordPress plugin Featured Image via URL, vulnerable in all versions up to and including 0.1. An authenticated attacker with Contributor-level access or higher can upload arbitrary files to the target site, with remote code execution potential. Wordfence lists the patch ...

8.8 CVSS | 6.9 AI score | 0.0048 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/12/05 5:31 a.m. | 23 views

CVE-2025-12153 Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary File Upload

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on...

8.8 CVSS | 0.0048 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/12/05 5:31 a.m. | 4 views

EUVD-2025-201372

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on...

8.8 CVSS | 6.8 AI score | 0.0048 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/05 5:31 a.m. | 4 views

CVE-2025-12153 Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary File Upload

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on...

8.8 CVSS | 6.9 AI score | 0.0048 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/12/05 12:0 a.m. | 4 views

WordPress plugin Featured Image via URL code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

8.8 CVSS | 7.8 AI score | 0.0048 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/05 12:0 a.m. | 5 views

PT-2025-49202

Name of the Vulnerable Software and Affected Versions: Featured Image via URL plugin for WordPress versions prior to 0.1. Description: The plugin is susceptible to arbitrary file uploads because of a lack of file type validation. Attackers with Contributor-level access or higher can upload any file ...

8.8 CVSS | 7.5 AI score | 0.0048 EPSS
Exploits: 0 | References: 7

Patchstack
added 2025/11/26 1:6 p.m. | 6 views

WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Featured Post Creative versions <= 1.5.5...

4.3 CVSS | 7 AI score | 0.00153 EPSS
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/11/22 12:33 p.m. | 4 views

CVE-2025-66106

Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through <= 1.5.5...

4.3 CVSS | 6.9 AI score | 0.00153 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/22 8:35 a.m. | 11 views

CVE-2025-11973

The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the kdsflag functionality that imports featured images. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitra...

4.9 CVSS | 6 AI score | 0.0028 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/11/21 3:31 p.m. | 4 views

EUVD-2025-198448

Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through <= 1.5.5...

6.5 AI score | 0.00153 EPSS
Exploits: 0 | References: 2

NVD
added 2025/11/21 1:15 p.m. | 5 views

CVE-2025-66106

Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through <= 1.5.5...

4.3 CVSS | 0.00153 EPSS
Exploits: 0 | References: 1

CVE
added 2025/11/21 12:30 p.m. | 13 views

CVE-2025-66106

CVE-2025-66106 describes a Missing Authorization (broken access control) vulnerability in the WordPress plugin Featured Post Creative (versions up to 1.5.5). The issue, caused by incorrectly configured access control, affects the Featured Post Creative plugin and has a CVSS v3.1 base score of 4.3...

4.3 CVSS | 6.6 AI score | 0.00153 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/11/21 12:30 p.m. | 12 views

CVE-2025-66106 WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through <= 1.5.5...

4.3 CVSS | 0.00153 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/21 12:30 p.m. | 2 views

CVE-2025-66106 WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through <= 1.5.5...

6.6 AI score | 0.00153 EPSS
Exploits: 0 | References: 1

CVE
added 2025/11/21 8:28 a.m. | 18 views

CVE-2025-11973

CVE-2025-11973: The WordPress plugin 简数采集器 (Keydatas) is vulnerable to Arbitrary File Read in all versions up to and including 2.6.3 via the __kds_flag functionality that imports featured images. Authentication level required: Administrator+ or higher. Impact per sources: reading arbitrary serve...

4.9 CVSS | 5.5 AI score | 0.0028 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/11/21 12:0 a.m. | 3 views

WordPress plugin Featured Post Creative security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS | 6.4 AI score | 0.00153 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/21 12:0 a.m. | 5 views

PT-2025-47768

Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Featured Post Creative: from n/a through <= 1.5.5...

7 AI score | 0.00153 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/12 3:47 a.m. | 13 views

CVE-2025-12019

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

5.5 CVSS | 4.9 AI score | 0.00428 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/12 3:46 a.m. | 16 views

CVE-2025-11828

The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...

6.4 CVSS | 4.9 AI score | 0.00199 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/11/11 6:30 a.m. | 4 views

EUVD-2025-60922

The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4 CVSS | 4.6 AI score | 0.00428 EPSS
Exploits: 1 | References: 7