Fifu Featured Image From Url

4 matches found

CVE
added 2022/08/01 12:50 p.m., 75 views

CVE-2022-2241

The CVE concerns the WordPress plugin Featured Image from URL (FIFU) prior to version 4.0.1. The root cause is the absence of CSRF checks when updating settings, which could let a logged-in attacker coerce an admin into changing settings via CSRF. Additionally, insufficient validation/sanitisation/e...

CVSS 6.1, AI score 6, EPSS 0.0051
Web
CVE
added 2022/08/01 12:51 p.m., 70 views

CVE-2022-2278

CVE-2022-2278 affects the WordPress plugin Featured Image from URL (FIFU) prior to version 4.0.1. The issue arises because the plugin does not validate, sanitize, and escape certain settings, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) when unfiltered_html is disal...

CVSS 4.8, AI score 4.7, EPSS 0.00493
Web
CVE
added 2024/02/20 6:56 p.m., 62 views

CVE-2024-1496

CVE-2024-1496 affects the WordPress plugin “Featured Image from URL (FIFU)”. The vulnerability is a Stored Cross-Site Scripting (XSS) via the fifu_input_url parameter, in all versions up to 4.6.2. With contributor+ privileges, an authenticated attacker can inject scripts that execute when users v...

CVSS 6.4, AI score 6.1, EPSS 0.00429
CVE
added 2024/01/11 8:33 a.m., 53 views

CVE-2023-6561

The CVE-2023-6561 entry concerns the WordPress plugin Featured Image from URL (FIFU). A stored XSS flaw exists in all versions up to 4.5.3 due to insufficient input sanitization and output escaping in the featured image alt text, allowing authenticated attackers with Contributor+ privileges to in...

CVSS 6.4, AI score 5.2, EPSS 0.0045