Featured Image Plus – Quick & Bulk Edit with Unsplash

5.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Description

The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Basic Information

ID CVE-2025-5818

Source Wordfence

Published Jul 23, 2025 at 02:24

Modified Jul 23, 2025 at 15:57

Affected Product

Vendor krasenslavov

Product Featured Image Plus – Quick & Bulk Edit with Unsplash

Version *

Affected Versions krasenslavov Featured Image Plus – Quick & Bulk Edit with Unsplash *

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
    "published": "2025-07-23T02:24:38.208Z",
    "modified": "2025-07-23T15:57:40.196Z",
    "type": "cve",
    "title": "Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash <= 1.6.4 - Authenticated (Admin+) Server-Side Request Forgery",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6904f168-e06f-4f17-905b-a943a39dfbdb?source=cve\nhttps://plugins.trac.wordpress.org/browser/featured-image-plus/trunk/inc/admin/block-editor/block-editor-actions.php#L166",
    "id": "CVE-2025-5818",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "krasenslavov Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash *",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash",
    "version": "*",
    "vendor": "krasenslavov",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Featured Image Plus – Quick & Bulk Edit with Unsplash <= 1.6.4 - Authenticated (Admin+) Server-Side Request Forgery_CVE-2025-5818