Server-Side Request Forgery in Auto Featured Image Plugin by Themeisle
CVE-2026-61970
4.9MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 13 July 2026
What is CVE-2026-61970?
The Auto Featured Image (Auto Post Thumbnail) plugin from Themeisle is exposed to a Server-Side Request Forgery (SSRF) vulnerability. This security flaw allows attackers to send crafted requests from the server, potentially leading to unauthorized access to internal services and sensitive information. This issue impacts all versions of the plugin up to and including 5.0.4, making it critical for users to update to secure versions to mitigate security risks.
Affected Version(s)
Auto Featured Image (Auto Post Thumbnail) 0 <= 5.0.4