VulnerAlert



APPLICATION
CLOUD
WORDPRESS
28-10-2025 03:20

CVE-2025-10145 Documented vulnerability

No score
Tags
#wordpress
#plugin
#data
#web
#server
#image
#form
#cloud
#application
#attackers
#authenticated
#arbitrary
#vulnerable
#server-side request forgery
#issue
#allow
#attack
#access
Description
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieval.
https://plugins.trac.wordpress.org/browser/auto-post-thumbnail/tags/4.1.7/includes/class-apt.php#L821
https://www.wordfence.com/threat-intel/vulnerabilities/id/93acfae6-470b-4637-b76b-e1162b80253f?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-10145
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023