cleantalk
Vulnerabilities and Security Researches

Featured Image from Content, CVE-2026-27759

CVE, Research URL

CVE-2026-27759

Home page URL

Security reports for Featured Image from Content

Application

Featured Image from Content

Published on
Feb 28, 2026
Research Description
Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.
Affected versions
max 1.7.
Status
vulnerable
Previous vulnerability researches
WP Booking (CVE-2024-35297) , Jun 07, 2024
New vulnerability
WP Sessions Time Monitoring Full Automatic (CVE-2026-32362) , Mar 30, 2026
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder (CVE-2024-13785) , Mar 30, 2026
Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling (CVE-2025-15473) , Mar 30, 2026
iContact for Gravity Forms (CVE-2025-68863) , Mar 30, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-25417) , Mar 30, 2026