Skip to main content

Auto Featured Image Auto Post Thumbnail

1 CVEs product

Monthly

CVE-2026-61970 MEDIUM This Month

Server-Side Request Forgery in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin through version 5.0.4 enables authenticated low-privilege users to coerce the server into issuing arbitrary outbound HTTP requests to attacker-controlled destinations, including internal network resources. The CVSS scope change (S:C) confirms the vulnerability can reach resources outside the WordPress application boundary - such as cloud metadata endpoints, internal APIs, or services on the hosting network. No public exploit identified at time of analysis, and SSVC assessment confirms no observed exploitation with non-automatable attack conditions.

SSRF Auto Featured Image Auto Post Thumbnail
NVD
CVSS 3.1
4.9
EPSS
0.2%
EPSS 0% CVSS 4.9
MEDIUM This Month

Server-Side Request Forgery in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin through version 5.0.4 enables authenticated low-privilege users to coerce the server into issuing arbitrary outbound HTTP requests to attacker-controlled destinations, including internal network resources. The CVSS scope change (S:C) confirms the vulnerability can reach resources outside the WordPress application boundary - such as cloud metadata endpoints, internal APIs, or services on the hosting network. No public exploit identified at time of analysis, and SSVC assessment confirms no observed exploitation with non-automatable attack conditions.

SSRF Auto Featured Image Auto Post Thumbnail
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy