{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7400", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-09T18:44:13.906Z", "datePublished": "2025-10-07T07:22:39.716Z", "dateUpdated": "2026-04-08T17:13:10.661Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:10.661Z"}, "affected": [{"vendor": "marceljm", "product": "Featured Image from URL (FIFU)", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.2.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions up to, and including, 5.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 5.2.2."}], "title": "Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4eeaf05-ec86-4d99-bc00-81f7f99e88ce?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3362830/featured-image-from-url"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "timeline": [{"time": "2025-07-09T22:22:49.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-06T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-07T18:14:26.739430Z", "id": "CVE-2025-7400", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-07T18:14:40.045Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7400", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-07T18:14:26.739430Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-07T18:14:32.823Z"}}], "cna": {"title": "Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "marceljm", "product": "Featured Image from URL (FIFU)", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.2.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-09T22:22:49.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-06T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4eeaf05-ec86-4d99-bc00-81f7f99e88ce?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3362830/featured-image-from-url"}], "descriptions": [{"lang": "en", "value": "The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions up to, and including, 5.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 5.2.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:10.661Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7400", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:13:10.661Z", "dateReserved": "2025-07-09T18:44:13.906Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-07T07:22:39.716Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions up to, and including, 5.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 5.2.2."}], "id": "CVE-2025-7400", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-07T08:15:35.287", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3362830/featured-image-from-url"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4eeaf05-ec86-4d99-bc00-81f7f99e88ce?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:17:30.975564+00:00", "value": {"mitigation_remediation": ["Update the Feature Image from URL (FIFU) plugin to any release newer than 5.2.7, which removes the stored\u2011XSS flaw.", "If an update is not immediately available, temporarily deactivate the plugin to stop the storage of malicious content until a fix is released.", "Restrict Contributor and higher roles from editing or setting featured image fields through the plugin until an official patch is applied."], "summary": {"action": "Patch Update", "impact": "Stored Cross-Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to all releases of the Featured Image from URL (FIFU) plugin by marceljm up to and including version 5.2.7. A partial mitigation was introduced in version 5.2.2, but the flaw remains until at least 5.2.7. WordPress sites running any of these versions are at risk.", "description_and_impact": "The featured image URL plugin for WordPress allows authenticated users with Contributor-level access or higher to store arbitrary JavaScript code in the custom fields associated with a post\u2019s featured image. The stored code is not properly sanitized or escaped and executes in the browser of any user who views the affected post, potentially leading to session hijacking, credential theft, or defacement of the site. This weakness is a classic Stored Cross\u2011Site Scripting vulnerability identified as CWE\u201179 and can compromise confidentiality, integrity, and availability of the site\u2019s web content.", "risk_and_exploitability": "The CVSS score of 6.4 indicates a moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation at the present time, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires authenticated access with Contributor or higher privileges; an attacker must obtain such credentials or exploit them opportunistically. Once the malicious payload is stored it will be delivered to all visitors of the impacted post."}}}}, "created": "2025-10-08T13:39:16.938306+00:00", "updated": "2026-04-20T19:30:06.158132+00:00", "vendors": ["fifu", "fifu$PRODUCT$featured_image_from_url", "wordpress", "wordpress$PRODUCT$wordpress"]}