{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5818", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-06T16:49:08.190Z", "datePublished": "2025-07-23T02:24:38.208Z", "dateUpdated": "2026-04-08T16:58:34.735Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:58:34.735Z"}, "affected": [{"vendor": "krasenslavov", "product": "Featured Image Plus \u2013 Bulk Edit Featured Images, Unsplash & Alt Text Manager", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.6.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.6 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}], "title": "Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6904f168-e06f-4f17-905b-a943a39dfbdb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/featured-image-plus/trunk/inc/admin/block-editor/block-editor-actions.php#L166"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3331831%40featured-image-plus&new=3331831%40featured-image-plus&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "ch4r0n"}], "timeline": [{"time": "2025-07-22T14:05:14.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-23T15:52:11.437162Z", "id": "CVE-2025-5818", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T15:57:40.196Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5818", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-23T15:52:11.437162Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T15:54:01.209Z"}}], "cna": {"title": "Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery", "credits": [{"lang": "en", "type": "finder", "value": "ch4r0n"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "krasenslavov", "product": "Featured Image Plus \u2013 Bulk Edit Featured Images, Unsplash & Alt Text Manager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.6.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-22T14:05:14.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6904f168-e06f-4f17-905b-a943a39dfbdb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/featured-image-plus/trunk/inc/admin/block-editor/block-editor-actions.php#L166"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3331831%40featured-image-plus&new=3331831%40featured-image-plus&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.6 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:58:34.735Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5818", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:58:34.735Z", "dateReserved": "2025-06-06T16:49:08.190Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-23T02:24:38.208Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.6 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}, {"lang": "es", "value": "El complemento Featured Image Plus \u2013 Quick &amp; Bulk Edit with Unsplash para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 1.6.4 incluida, mediante la funci\u00f3n fip_get_image_options(). Esto permite a atacantes autenticados, con acceso de administrador o superior, realizar solicitudes web a ubicaciones arbitrarias desde la aplicaci\u00f3n web y utilizarlas para consultar y modificar informaci\u00f3n de servicios internos."}], "id": "CVE-2025-5818", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-23T03:15:24.627", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/featured-image-plus/trunk/inc/admin/block-editor/block-editor-actions.php#L166"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3331831%40featured-image-plus&new=3331831%40featured-image-plus&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6904f168-e06f-4f17-905b-a943a39dfbdb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:02:17.349177+00:00", "value": {"mitigation_remediation": ["Update the Featured Image Plus plugin to the latest available version that includes the fix.", "If an update is not immediately possible, restrict outgoing HTTP connectivity from the WordPress installation or configure a firewall to block requests to internal network ranges.", "Audit server logs for unexpected outbound traffic originating from WordPress and investigate any anomalies promptly."], "summary": {"action": "Patch Now", "impact": "Server\u2011Side Request Forgery allowing authenticated administrators to cause the WordPress application to send arbitrary HTTP requests."}, "threat_synthesis": {"affected_systems": "WordPress sites that use the Featured Image Plus \u2013 Bulk Edit Featured Images, Unsplash & Alt Text Manager plugin version 1.6.6 or earlier. The plugin is maintained by krasenslavov. All site administrators with access to the plugin\u2019s bulk edit features are potentially affected.", "description_and_impact": "The vulnerability is a Server\u2011Side Request Forgery that can be triggered through the fip_get_image_options() function in the Featured Image Plus plugin. An attacker who has administrator or higher privileges on a WordPress site can use this flaw to make web requests to arbitrary locations from the server, potentially exposing internal network services or sensitive data. The flaw does not directly compromise the server itself, but it enables the attacker to read or modify information from other systems reachable from the WordPress host, which can lead to data exfiltration or manipulation of internal services.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity, and the EPSS score of less than 1% suggests low exploitation probability so far. The flaw is not listed in CISA\u2019s KEV catalog. Given that the vulnerability requires authenticated admin privilege, an attacker would need to compromise a site administrator account or exploit an existing admin login. Once an attacker obtains that access, they can trigger the SSRF via the bulk edit route and cause the server to perform arbitrary HTTP requests. No public exploit binaries are available, but the path could be reproduced by a site administrator or a malicious plugin author."}}}}, "created": "2025-07-23T17:35:51.863423+00:00", "updated": "2026-04-22T01:15:07.298504+00:00", "vendors": ["krasenslavov", "krasenslavov$PRODUCT$featured_image_plus", "wordpress", "wordpress$PRODUCT$wordpress"]}