CVE-2022-2241
MEDIUM
Featured Image from URL (FIFU) < 4.0.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
Title source: llm
Description
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues.
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/8670d196-972b-491b-8d9b-25994a345f57
Scores
CVSS v3
6.1
EPSS
0.0051
EPSS Percentile
39.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-116
Status
published
Products (1)
fifu/featured_image_from_url
< 4.0.0
Published
Aug 01, 2022
Tracked Since
Feb 18, 2026