WordPress Featured Image Plugin Allows Author-Level Users to Access Sensitive Internal Data
CVE-2026-27759
Summary
The Featured Image from Content plugin for WordPress has a server-side request forgery flaw that lets users with Author-level access make the server fetch internal HTTP resources and store the responses in web-accessible upload directories. This can expose sensitive internal data to unauthorized access. To fix, update the plugin to version 1.7 or later.
Original title
Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to...
Original description
Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.
NVD CVSS 4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026