Vulnerability Description
Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.
Related Weaknesses (CWE)
References
- https://wordpress.org/plugins/featured-image-from-content/
- https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-s
FAQ
What is CVE-2026-27759?
CVE-2026-27759 is a documented vulnerability. Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fe...
How severe is CVE-2026-27759?
CVSS scoring is not yet available for CVE-2026-27759. Check NVD for updates.
Is there a patch for CVE-2026-27759?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.