Featured Image via URL

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

AI Analysis

Arbitrary file upload vulnerability in Featured Image via URL plugin due to missing file type validation

Basic Information

ID CVE-2025-12153

Source Wordfence

Published Dec 5, 2025 at 05:31

Affected Product

Vendor tsaiid

Product Featured Image via URL

Version *

Affected Versions tsaiid Featured Image via URL *

CWE Classification

CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor tsaiid

Product Featured Image via URL

Version 0.1

References

{
    "lastseen": "",
    "description": "The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.",
    "published": "2025-12-05T05:31:26.455Z",
    "modified": "2025-12-05T05:31:26.455Z",
    "type": "cve",
    "title": "Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9687a88f-ac5b-4746-a68c-91c358b5fb87?source=cve\nhttps://wordpress.org/plugins/featured-image-via-url/",
    "id": "CVE-2025-12153",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "tsaiid Featured Image via URL *",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Featured Image via URL",
    "version": "*",
    "vendor": "tsaiid",
    "ai_description": "Arbitrary file upload vulnerability in Featured Image via URL plugin due to missing file type validation",
    "ai_severity": "High",
    "ai_vendor": "tsaiid",
    "ai_product": "Featured Image via URL",
    "ai_version": "0.1",
    "ai_score": 8.8
}

Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload_CVE-2025-12153