CVE-2026-27759

UNKNOWN 0.0

Featured Image from Content < 1.7 Authenticated SSRF via save_post

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.

CWE	CWE-918
Vendor	dhrumil kumbhani
Product	featured image from content
Published	Feb 27, 2026
Last Updated	Mar 2, 2026

Stay Ahead of the Next One

Get instant alerts for dhrumil kumbhani featured image from content

Be the first to know when new unknown vulnerabilities affecting dhrumil kumbhani featured image from content are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Dhrumil Kumbhani / Featured Image from Content

0 < 1.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordpress.org: https://wordpress.org/plugins/featured-image-from-content/ vulncheck.com: https://www.vulncheck.com/advisories/featured-image-from-content-authenticated-ssrf-via-save-post

Credits

4lec4st