Server-Side Request Forgery in Auto Featured Image Plugin by Themeisle
CVE-2026-61970

4.9MEDIUM

What is CVE-2026-61970?

The Auto Featured Image (Auto Post Thumbnail) plugin from Themeisle is exposed to a Server-Side Request Forgery (SSRF) vulnerability. This security flaw allows attackers to send crafted requests from the server, potentially leading to unauthorized access to internal services and sensitive information. This issue impacts all versions of the plugin up to and including 5.0.4, making it critical for users to update to secure versions to mitigate security risks.

Affected Version(s)

Auto Featured Image (Auto Post Thumbnail) 0 <= 5.0.4

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ananda Dhakal (Patchstack)
.