CVE-2025-13794 | Auto Featured Image Plugin up to 4.2.1 on WordPress Thumbnail bulk_action_generate_handler authorization

Inserito da Angelo Barbosa | Dic 15, 2025 | CVE

A vulnerability classified as problematic has been found in Auto Featured Image Plugin up to 4.2.1 on WordPress. Impacted is the function bulk_action_generate_handler of the component Thumbnail Handler. This manipulation causes missing authorization.

This vulnerability is tracked as CVE-2025-13794. The attack is possible to be carried out remotely. No exploit exists.

CVE-2025-13794 | Auto Featured Image Plugin up to 4.2.1 on WordPress Thumbnail bulk_action_generate_handler authorization

Post correlati

CVE-2024-48929 | Umbraco CMS up to 10.8.6/13.5.1 Sign-Out session fixiation (GHSA-wxw9-6pv9-c3xc)

CVE-2025-40640 | Status Tracker Energy CRM 2025 Query create_invoice_submit.php customerName_0 cross site scripting

CVE-2024-31392 | Mozilla Firefox up to 123 on iOS Mixed Content information disclosure

CVE-2023-51747 | Apache James Server up to 3.7.4/3.8.0 SMTP input validation