cleantalk
Vulnerabilities and Security Researches

Featured Image Plus, CVE-2025-5818

CVE, Research URL

CVE-2025-5818

Home page URL

Security reports for Featured Image Plus

Application

Featured Image Plus

Published on
Jul 23, 2025
Research Description
The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
Min -, max 1.6.4.
Status
vulnerable
Previous vulnerability researches
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T (CVE-2024-9540) , Oct 17, 2024
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T (CVE-2024-5036) , Jun 21, 2024
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T (CVE-2024-12624) , Jan 07, 2025
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T (CVE-2021-24269) , Jun 07, 2024
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T (CVE-2024-3988) , Jun 07, 2024
New vulnerability
WP Wallcreeper (CVE-2025-7822) , Jul 26, 2025
Supreme Addons for Beaver Builder – (CVE-2025-3669) , Jul 25, 2025
WP Get The Table (CVE-2025-6387) , Jul 25, 2025
ElementsKit Elementor addons (CVE-2025-3614) , Jul 25, 2025
WP Links Page (CVE-2025-30998) , Jul 25, 2025