VYPR

Auto Thumbnailer

by WordPress

CVEs (2)

  • CVE-2025-12154 | High | Dec 5, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and…

  • CVE-2026-8899 | Medium | May 27, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on the shortcode's 'width' and 'height' attributes in…