WordPress "Featured Image from URL" plugin (versions <= 3.9.9): arbitrary configuration update leading to XSS via a CSRF vulnerability

Details

A CSRF vulnerability discovered in the Featured Image from URL plugin (versions <= 3.9.9) allows arbitrary plugin configuration to be updated, which can be escalated to XSS.
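The pattern behind this class of bug is a settings handler that accepts a configuration change from any POST request, without a nonce or capability check, and later prints the stored value unescaped. The following is an added, hypothetical illustration written for this page; it is not the Featured Image from URL plugin's code. The option name `demo_fifu_default_url`, the hook names and the settings page slug are assumptions. It shows the vulnerable shape beside a hardened handler that closes both halves of the chain: the CSRF (nonce plus capability check) and the XSS (sanitize on input, escape on output).

```php
<?php
/*
 * Hypothetical WordPress plugin settings handler (added example, not the
 * Featured Image from URL plugin's code). Option name, hooks and page slug
 * are assumptions made for this illustration.
 */

/* ---------- Vulnerable pattern: option written from any POST, no nonce ---------- */

// Would run on every admin request. Any POST carrying 'demo_fifu_default_url'
// is accepted, so a form on a third-party site submitted by a logged-in admin
// silently rewrites the option (CSRF). The value is stored unsanitized.
function demo_fifu_vulnerable_save() {
    if ( isset( $_POST['demo_fifu_default_url'] ) ) {
        update_option( 'demo_fifu_default_url', $_POST['demo_fifu_default_url'] );
    }
}
// add_action( 'admin_init', 'demo_fifu_vulnerable_save' ); // shown for contrast, deliberately not hooked

// The stored value is echoed straight into an HTML attribute, so a stored
// string containing quotes and markup breaks out of the attribute (stored XSS).
function demo_fifu_vulnerable_render() {
    $url = get_option( 'demo_fifu_default_url', '' );
    echo '<input type="text" name="demo_fifu_default_url" value="' . $url . '">';
}

/* ---------- Hardened pattern ---------- */

// 1. Dedicated admin-post endpoint instead of a catch-all admin_init hook.
add_action( 'admin_post_demo_fifu_save', 'demo_fifu_hardened_save' );

function demo_fifu_hardened_save() {
    // 2. Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 'Forbidden', array( 'response' => 403 ) );
    }

    // 3. Nonce check: a cross-site form cannot carry a valid nonce for this
    //    user and action, so the CSRF path is closed. Dies on failure.
    check_admin_referer( 'demo_fifu_save_settings', 'demo_fifu_nonce' );

    // 4. Sanitize on input: keep only an http(s) URL, drop anything else.
    $raw = isset( $_POST['demo_fifu_default_url'] )
        ? wp_unslash( $_POST['demo_fifu_default_url'] )
        : '';
    $url = esc_url_raw( $raw, array( 'http', 'https' ) );
    update_option( 'demo_fifu_default_url', $url );

    wp_safe_redirect( admin_url( 'options-general.php?page=demo-fifu&updated=1' ) );
    exit;
}

function demo_fifu_hardened_render() {
    $url = get_option( 'demo_fifu_default_url', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_fifu_save">
        <?php
        // Emits the hidden nonce field that check_admin_referer() verifies above.
        wp_nonce_field( 'demo_fifu_save_settings', 'demo_fifu_nonce' );
        ?>
        <!-- 5. Escape on output: even a bad stored value cannot break out of the attribute. -->
        <input type="text" name="demo_fifu_default_url"
               value="<?php echo esc_attr( $url ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

The two halves are independent controls: the nonce and capability check stop a forged request from changing the option at all, while input sanitization and output escaping mean that even a value that does get stored cannot execute in an administrator's browser. When reviewing a plugin for this pattern, look for `update_option()` calls reachable from `admin_init` or similar hooks that are not preceded by `check_admin_referer()` / `wp_verify_nonce()` and a `current_user_can()` check, and for option values printed without `esc_attr()` / `esc_html()`.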

Solution

Update to the latest version (at least 4.0.0) of the WordPress Featured Image from URL plugin.

Sources

Featured Image from URL (FIFU)
Use remote media as the featured image and beyond.
