CVE-2026-27759 – Featured Image from Content < 1.7 Authenticated SSRF via save_post

CVE ID : CVE-2026-27759

Published : Feb. 27, 2026, 11:16 p.m. | 20 minutes ago

Description : Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…