ByteOS Network

CVE Vulnerability Details :

CVE-2026-27759

PUBLISHED

More Info Official Page

Assigner-VulnCheck

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-27 Feb, 2026 | 22:17

Updated At-27 Feb, 2026 | 22:17

▼CVE Numbering Authority (CNA)

Featured Image from Content < 1.7 Authenticated SSRF via save_post

Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.

Affected Products

Vendor

Dhrumil Kumbhani

Product

Featured Image from Content

Default Status

unaffected

Versions

Affected

From 0 before 1.7 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-918	CWE-918 Server-Side Request Forgery (SSRF)

Type: CWE

CWE ID: CWE-918

Description: CWE-918 Server-Side Request Forgery (SSRF)

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Credits

finder

4lec4st

References

Hyperlink	Resource
https://wordpress.org/plugins/featured-image-from-content/	product patch
https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-post	third-party-advisory

Hyperlink: https://wordpress.org/plugins/featured-image-from-content/

Resource:

product

patch

Hyperlink: https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-post

Resource:

third-party-advisory

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References