VYPR
Unrated severityNVD Advisory· Published Aug 1, 2022· Updated Aug 3, 2024

Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF

CVE-2022-2241

Description

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.