CVE-2026-27759 - Featured Image from Content < 1.7 Authenticated SSRF via save_post

CVE ID : CVE-2026-27759 Published : Feb. 27, 2026, 11:16 p.m. | 22 minutes ago Description : Featured Image from Content (featured-image-from-content) WordPress plugin versions prior to 1.7 contain an authenticated server-side request forgery vulnerability that allows Author-level users to fetch internal HTTP resources. Attackers can exploit insecure URL fetching and file write operations to retrieve sensitive internal data and store it in web-accessible upload directories. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...