6 matches found
WordPress Featured Image from URL (FIFU) plugin <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' vulnerability
Authenticated Contributor+ Server-Side Request Forgery via 'fifuinputurl' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Featured Image from URL versions = 5.3.1...
CVE-2025-13393
CVE-2025-13393 (FIFU SSRF) : The WordPress Featured Image from URL (FIFU) plugin (versions ≤ 5.3.1) is vulnerable to Server-Side Request Forgery via the FIFU input URL parameter in the FIFU Elementor widget. Exploitation requires authenticated access at Contributor level or higher and Elementor p...
EUVD-2026-1844
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
CVE-2025-13393 Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url'
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
CVE-2025-13393 Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url'
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize function in the Elementor widget integration. This...
CVE-2024-1496
The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifuinputurl parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...