cleantalk
Vulnerabilities and Security Researches

Featured Image Plus, CVE-2025-4431

CVE, Research URL

CVE-2025-4431

Home page URL

Security reports for Featured Image Plus

Application

Featured Image Plus

Published on
May 30, 2025
Research Description
The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update featured image of any post.
Affected versions
Min -, max 1.6.3.
Status
vulnerable
Previous vulnerability researches
Falang multilanguage for WordPress (CVE-2024-4417) , Jun 07, 2024
Falang multilanguage for WordPress (a9b4ba34b4a82b7813dfffcdb15dba44c54af5cc) , Jun 07, 2024
Falang multilanguage for WordPress (CVE-2023-37968) , Jun 07, 2024
Falang multilanguage for WordPress (CVE-2024-30495) , Jun 07, 2024
Falang multilanguage for WordPress (CVE-2024-37240) , Jun 26, 2024
New vulnerability
Featured Image Plus (CVE-2025-4431) , Jun 10, 2025
Products per Page for WooCommerce (CVE-2025-47504) , Jun 10, 2025
Min Max Default Quantity for WooCommerce (CVE-2025-47504) , Jun 09, 2025
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025