Marceljm Featured Image From Url (Fifu)

8 CVEs affecting Marceljm Featured Image From Url (Fifu). Latest disclosed: 2026-01-10. Critical: 0, High: 0.

Top CVEs affecting Marceljm Featured Image From Url (Fifu)
CVESeverityScorePublishedSummary
CVE-2025-7400Medium6.42025-10-07The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions…
CVE-2024-1496Medium6.42024-02-29The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, an…
CVE-2023-6561Medium6.42024-01-11The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and…
CVE-2025-9985Medium5.32025-09-26The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through pub…
CVE-2025-9984Medium5.32025-09-26The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_po…
CVE-2025-10037Medium4.92025-09-26The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_posts_with_internal_featured_image() function in all version…
CVE-2025-10036Medium4.92025-09-26The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_all_urls() function in all versions up to, and including, 5…
CVE-2025-13393Medium4.32026-01-10The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due t…