QwikSec

Security Database

CVE

CWE

Training

CVE-2026-27759

Published: Feb 27, 2026

Modified: May 11, 2026

PUBLISHED

Description

Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.

Vendor	Product	Versions
Dhrumil Kumbhani	Featured Image from Content	affected `0 - < 1.7`

Weaknesses (CWE)

References

https://wordpress.org/plugins/featured-image-from-content/

product

patch

https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-post

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.