{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27759", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-23T21:38:48.842Z", "datePublished": "2026-02-27T22:17:11.669Z", "dateUpdated": "2026-05-11T23:11:29.923Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Featured Image from Content", "vendor": "Dhrumil Kumbhani", "versions": [{"lessThan": "1.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "4lec4st"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Featured Image from Content</span> (featured-image-from-content) WordPress plugin versions prior to 1.7 contain&nbsp;an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories."}], "value": "Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain\u00a0an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-11T23:11:29.923Z"}, "references": [{"tags": ["product", "patch"], "url": "https://wordpress.org/plugins/featured-image-from-content/"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-post"}], "source": {"discovery": "EXTERNAL"}, "title": "Featured Image from Content < 1.7 Authenticated SSRF via save_post", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T15:14:28.988871Z", "id": "CVE-2026-27759", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T15:17:44.408Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27759", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T15:14:28.988871Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T15:17:30.583Z"}}], "cna": {"title": "Featured Image from Content < 1.7 Authenticated SSRF via save_post", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "4lec4st"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dhrumil Kumbhani", "product": "Featured Image from Content", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wordpress.org/plugins/featured-image-from-content/", "tags": ["product", "patch"]}, {"url": "https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-post", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain\u00a0an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Featured Image from Content</span> (featured-image-from-content) WordPress plugin versions prior to 1.7 contain&nbsp;an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-11T23:11:29.923Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27759", "state": "PUBLISHED", "dateUpdated": "2026-05-11T23:11:29.923Z", "dateReserved": "2026-02-23T21:38:48.842Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-02-27T22:17:11.669Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain\u00a0an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories."}, {"lang": "es", "value": "Las versiones del plugin de WordPress Featured Image from Content (featured-image-from-content) anteriores a la 1.7 contienen una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor autenticada que permite a usuarios con nivel de Autor recuperar recursos HTTP internos. Los atacantes pueden explotar la obtenci\u00f3n insegura de URL y las operaciones de escritura de archivos para recuperar datos internos sensibles y almacenarlos en directorios de carga accesibles desde la web."}], "id": "CVE-2026-27759", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-02-27T23:16:04.187", "references": [{"source": "disclosure@vulncheck.com", "url": "https://wordpress.org/plugins/featured-image-from-content/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-post"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Featured Image from Content", "source": "cna", "vendor": "Dhrumil Kumbhani"}, "product": "featured_image_from_content", "vendor": "dhrumil_kumbhani"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T15:07:02.154480+00:00", "value": {"mitigation_remediation": ["Upgrade the Featured Image from Content plugin to version 1.7 or newer to eliminate the flaw.", "Restrict or audit author\u2011level user permissions to the minimum necessary to reduce the attack surface.", "If an upgrade is not immediately possible, block outbound HTTP requests from the plugin by disabling external requests or enabling WordPress settings such as WP_HTTP_BLOCK_EXTERNAL."], "summary": {"action": "Update", "impact": "Server\u2011Side Request Forgery exposing internal resources"}, "threat_synthesis": {"affected_systems": "Affected systems are WordPress sites that have the Featured Image from Content plugin installed in any release earlier than 1.7. The plugin is maintained by Dhrumil Kumbhani. The vulnerability is present in all prior versions and can be exercised by users who have author or higher privileges within the WordPress installation.", "description_and_impact": "The Featured Image from Content WordPress plugin, before version 1.7, contains an authenticated server\u2011side request forgery flaw. Authenticated users with author\u2011level permissions can trigger the plugin\u2019s save_post routine to make the server fetch arbitrary URLs. Because the server performs the request using uncapped input, the attacker can extract internal HTTP resources and, through insecure file write operations, place the retrieved content into the site\u2019s upload directory. This creates a risk of internal data disclosure and may be leveraged for further exploitation.", "risk_and_exploitability": "The CVSS base score of 5.3 reflects moderate severity, and the EPSS score below 1% indicates a low likelihood of exploitation at present. Because the flaw requires authenticated access with at least author privileges and involves outbound HTTP requests, attackers would need to compromise the user account or exploit another vulnerability that provides such privileges. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, further suggesting limited public exploitation."}}}}, "created": "2026-03-02T12:04:30.039825+00:00", "updated": "2026-04-16T15:15:39.041856+00:00", "vendors": ["dhrumil_kumbhani", "dhrumil_kumbhani$PRODUCT$featured_image_from_content", "wordpress", "wordpress$PRODUCT$wordpress"]}