CVE-2025-4431

by Fred · 30/05/2025

The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update featured image of any post.

Assigner : cve-request@wordfence.com

More information : https://plugins.trac.wordpress.org/browser/featured-image-plus/trunk/inc/admin/block-editor/block-editor-actions.php#L204

CVE-2025-4431

Similar

Recent Posts

Categories

CVE-2025-4431

Share this:

Similar

Recent Posts

Categories

Tags