cleantalk
Vulnerabilities and Security Researches

Featured Image from URL (FIFU), CVE-2024-1496

CVE, Research URL

CVE-2024-1496

Home page URL

Security reports for Featured Image from URL (FIFU)

Application

Featured Image from URL (FIFU)

Published on
Feb 29, 2024
Research Description
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 4.6.3.
Status
vulnerable
Previous vulnerability researches
Featured Image from URL (FIFU) (CVE-2024-1496) , Jun 07, 2024
Featured Image from URL (FIFU) (c5b410e4120824e037e364466d4c7e1489a4eda8) , Jun 07, 2024
Featured Image from URL (FIFU) (CVE-2022-2278) , Jun 07, 2024
Featured Image from URL (FIFU) (CVE-2022-2241) , Jun 07, 2024
Featured Image from URL (FIFU) (CVE-2023-6561) , Jun 07, 2024
New vulnerability
Genealogical Tree – WordPress Family Tree (CVE-2025-58023) , Oct 12, 2025
WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click (CVE-2025-57967) , Oct 12, 2025
Mixtape (CVE-2025-9860) , Oct 12, 2025
Advanced Settings (CVE-2025-58996) , Oct 12, 2025
FancyTabs (CVE-2025-8560) , Oct 12, 2025