Skip to main content

Auto Post Thumbnail EUVDEUVD-2026-43439

| CVE-2026-61970 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-13 Patchstack
4.9
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
4.9 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
4.9 MEDIUM

Network-reachable via plugin URL fetch; low-privilege auth required; high complexity for useful internal endpoint identification; scope change confirmed by SSRF reaching beyond WordPress boundary.

3.1 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 13, 2026 - 11:15 vuln.today

DescriptionCVE.org

Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through <= 5.0.4.

AnalysisAI

Server-Side Request Forgery in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin through version 5.0.4 enables authenticated low-privilege users to coerce the server into issuing arbitrary outbound HTTP requests to attacker-controlled destinations, including internal network resources. The CVSS scope change (S:C) confirms the vulnerability can reach resources outside the WordPress application boundary - such as cloud metadata endpoints, internal APIs, or services on the hosting network. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege WordPress account
Delivery
Trigger plugin image-fetch with crafted internal URL
Exploit
Server issues SSRF request to internal endpoint
Execution
Extract partial response data from server behavior
Impact
Enumerate internal services or access cloud metadata credentials

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid low-privilege WordPress account on the target site (reflected in CVSS PR:L) - anonymous or unauthenticated exploitation is not possible with this vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS base score of 4.9 (Medium) reflects a realistic risk posture. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege WordPress account (such as a contributor or author) submits a post or triggers the plugin's image-fetch function using a crafted URL pointing to the cloud instance metadata endpoint (e.g., http://169.254.169.254/latest/meta-data/iam/security-credentials/). The server fetches the URL and, depending on how the plugin handles the response, may expose partial response content or confirm the existence of internal services, potentially leading to credential disclosure from the metadata service. …
Remediation The primary remediation is to update the Auto Featured Image (Auto Post Thumbnail) plugin to a version beyond 5.0.4; consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/auto-post-thumbnail/vulnerability/wordpress-auto-featured-image-auto-post-thumbnail-plugin-5-0-4-server-side-request-forgery-ssrf-vulnerability for the confirmed patched version, as the input data does not specify an exact fix version - patched release not independently confirmed from available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43439 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy