Featured Image from URL
fifu.app
Developer
5.3.1
Latest version
80,000
Installations
Nov 4, 2025
Last updated
Vulnerability history
0 present
11 fixed
0 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability<= 5.2.7Oct 6, 2025
- Authenticated (Admin+) SQL Injection vulnerability<= 5.2.7Sep 25, 2025
- Missing Authorization to Password Protected Post Disclosure vulnerability<= 5.2.7Sep 25, 2025
- Unauthenticated Information Exposure via Log File vulnerability<= 5.2.7Sep 25, 2025
- Broken Access Control vulnerability<= 4.8.2Jul 5, 2024
- Broken Access Control vulnerability<= 4.8.1Jun 28, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url vulnerability<= 4.6.2Feb 20, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text vulnerability<= 4.5.3Dec 15, 2023
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.0.0Jul 11, 2022
- Arbitrary Settings Update to Stored XSS via CSRF vulnerability<= 3.9.9Jul 11, 2022
- Missing Access Controls on REST routes vulnerability<= 2.7.7Dec 27, 2019