4 matches found
CVE-2022-2241
The CVE concerns the WordPress plugin Featured Image from URL (FIFU) prior to version 4.0.1. The root cause is the absence of CSRF checks when updating settings, which could let a logged-in attacker coerce an admin into changing settings via CSRF. Additionally, insufficient validation/sanitisation/e...
CVE-2022-2278
CVE-2022-2278 affects the WordPress plugin Featured Image from URL (FIFU) prior to version 4.0.1. The issue arises because the plugin does not validate, sanitize, and escape certain settings, enabling stored Cross‑Site Scripting by high-privilege users (e.g., admins) when unfiltered_html is disal...
CVE-2024-1496
CVE-2024-1496 affects the WordPress plugin “Featured Image from URL (FIFU)”. The vulnerability is a Stored Cross-Site Scripting (XSS) via the fifu_input_url parameter, in all versions up to 4.6.2. With contributor+ privileges, an authenticated attacker can inject scripts that execute when users v...
CVE-2023-6561
The CVE-2023-6561 entry concerns the WordPress plugin Featured Image from URL (FIFU). A stored XSS flaw exists in all versions up to 4.5.3 due to insufficient input sanitization and output escaping in the featured image alt text, allowing authenticated attackers with Contributor+ privileges to in...