Medium severityNVD Advisory· Published Feb 27, 2026· Updated Apr 15, 2026

CVE-2026-27759

Description

Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.

Affected products

WordPress/Featured Image From Contentreferences
Package: https://wordpress.org/plugins/featured-image-from-content

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.org/plugins/featured-image-from-content/nvd
www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-postnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000