Fsm Custom Featured Image Caption
Monthly
DOM-based cross-site scripting in fesomia FSM Custom Featured Image Caption WordPress plugin versions up to 1.25.1 allows authenticated administrators with high privileges to inject malicious scripts via improper input neutralization during featured image caption generation. The vulnerability requires user interaction (UI:R) and high administrator privileges (PR:H), limiting real-world risk despite the network-accessible attack vector. EPSS exploitation probability is very low at 0.03% percentile rank, and no public exploit code or active exploitation has been identified.
DOM-based cross-site scripting in fesomia FSM Custom Featured Image Caption WordPress plugin versions up to 1.25.1 allows authenticated administrators with high privileges to inject malicious scripts via improper input neutralization during featured image caption generation. The vulnerability requires user interaction (UI:R) and high administrator privileges (PR:H), limiting real-world risk despite the network-accessible attack vector. EPSS exploitation probability is very low at 0.03% percentile rank, and no public exploit code or active exploitation has been identified.