Marceljm Featured Image From Url (Fifu)
8 CVEs affecting Marceljm Featured Image From Url (Fifu). Latest disclosed: 2026-01-10. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-7400 | Medium | 6.4 | 2025-10-07 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions… |
CVE-2024-1496 | Medium | 6.4 | 2024-02-29 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, an… |
CVE-2023-6561 | Medium | 6.4 | 2024-01-11 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and… |
CVE-2025-9985 | Medium | 5.3 | 2025-09-26 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through pub… |
CVE-2025-9984 | Medium | 5.3 | 2025-09-26 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_po… |
CVE-2025-10037 | Medium | 4.9 | 2025-09-26 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_posts_with_internal_featured_image() function in all version… |
CVE-2025-10036 | Medium | 4.9 | 2025-09-26 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_all_urls() function in all versions up to, and including, 5… |
CVE-2025-13393 | Medium | 4.3 | 2026-01-10 | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due t… |