VYPR

Auto Post Thumbnail

by WordPress

Source repositories

CVEs (5)

  • CVE-2023-0477HigMar 13, 2023
    risk 0.57cvss 8.8epss 0.02

    The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation.

  • CVE-2023-7073MedMay 31, 2024
    risk 0.42cvss 6.4epss 0.00

    The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and…

  • CVE-2024-33629MedApr 29, 2024
    risk 0.29cvss 4.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0.

  • CVE-2025-13794MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.00

    The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulk_action_generate_handler function in all versions up to, and including, 4.2.1. This makes it possible for…

  • CVE-2024-38719MedNov 1, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.1.2.