Security Advisory

CVE-2026-27759

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-27 22:17:11
Last updated 2026-05-11 23:11:29
Assigner VulnCheck
State PUBLISHED

Description

Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories.