cleantalk
Vulnerabilities and Security Researches

Quick Featured Images, CVE-2024-3664

CVE, Research URL

CVE-2024-3664

Home page URL

Security reports for Quick Featured Images

Application

Quick Featured Images

Published on
Apr 23, 2024
Research Description
The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with contributor-level access and above, to delete thumbnails and add thumbnails to posts they did not author.
Affected versions
max 13.7.1.
Status
vulnerable
Previous vulnerability researches
Quick Featured Images (CVE-2024-3664) , Jun 06, 2024
Quick Featured Images (CVE-2025-11176) , Nov 11, 2025
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025