Security Advisory

CVE-2025-9984

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-26 04:25:16

Last updated 2026-04-08 17:09:48

Assigner Wordfence

State PUBLISHED

Description

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_posts() function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protected posts.

← Browse all CVEs View on cve.org ↗