591 matches found
CVE-2025-12153
CVE-2025-12153 affects the WordPress plugin Featured Image via URL, vulnerable in all versions up to and including 0.1. An authenticated attacker with Contributor-level access or higher can upload arbitrary files to the target site, with remote code execution potential. Wordfence lists the patch ...
CVE-2025-12153 Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on...
EUVD-2025-201372
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on...
CVE-2025-12153 Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on...
WordPress plugin Featured Image via URL 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2025-49202
Name of the Vulnerable Software and Affected Versions Featured Image via URL plugin for WordPress versions prior to 0.1 Description The plugin is susceptible to arbitrary file uploads because of a lack of file type validation. Attackers with Contributor-level access or higher can upload any file ...
WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Featured Post Creative versions = 1.5.5...
CVE-2025-66106
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through = 1.5.5...
CVE-2025-11973
The 简数采集器 plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.6.3 via the kdsflag functionality that imports featured images. This makes it possible for authenticated attackers, with Adminstrator-level access and above, to read the contents of arbitra...
EUVD-2025-198448
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through = 1.5.5...
CVE-2025-66106
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through = 1.5.5...
CVE-2025-66106
CVE-2025-66106 describes a Missing Authorization (broken access control) vulnerability in the WordPress plugin Featured Post Creative (versions up to 1.5.5). The issue, caused by incorrectly configured access control, affects the Featured Post Creative plugin and has a CVSS v3.1 base score of 4.3...
CVE-2025-66106 WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through = 1.5.5...
CVE-2025-66106 WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through = 1.5.5...
CVE-2025-11973
CVE-2025-11973 : The WordPress plugin 简数采集器 (Keydatas) is vulnerable to Arbitrary File Read in all versions up to and including 2.6.3 via the __kds_flag functionality that imports featured images. Authentication level required: Administrator+ or higher. Impact per sources: reading arbitrary serve...
WordPress plugin Featured Post Creative 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-47768
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through = 1.5.5...
CVE-2025-12019
The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...
CVE-2025-11828
The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization and output escaping when using...
EUVD-2025-60922
The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...