Vulnerabilities and security researches forfeatured-image-from-content featured-image-from-content

Mar 30, 2026

CVE, Research URL: CVE-2026-27759
Home page URL: Security reports for Featured Image from Content
Application: Featured Image from Content
Date: Feb 28, 2026
Research Description: Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.
Affected versions: max 1.7.
Status: vulnerable