Primary

Context

WordPress Featured Image from URL Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing sensitive information exposure has been identified in the Featured Image from URL (FIFU) plugin for WordPress, affecting all versions through 5.2.7. The issue arises from publicly accessible log files that can be viewed by unauthenticated attackers, potentially revealing sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information contained in the exposed log files.

Reproduction

The vulnerability can be reproduced by accessing the public log files created by the FIFU plugin. This can be done through the WordPress REST API or by directly navigating to the log file's URL, which is located in the uploads directory.

Remediation

Users are advised to update the Featured Image from URL plugin to version 5.2.8 or later.

Added: Sep 26, 2025, 5:20 AM

Updated: Sep 26, 2025, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

8.6

remediation

7.7

relevance

0.6

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

8.6

remediation

7.7

relevance

0.6

threat

4.8

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Featured Image from URL Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Featured Image from URL

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating