** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7073. Reason: This candidate is a reservation duplicate of CVE-2023-7073. Notes: All CVE users should reference CVE-2023-7073 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Themeisle
  • Auto Featured Image
Wordpress
  • Wordpress

No data.

No data.

References

No reference.

History

Fri, 16 Jan 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
Title Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 14:00:00 +0000

Type Values Removed Values Added
Description The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieval. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7073. Reason: This candidate is a reservation duplicate of CVE-2023-7073. Notes: All CVE users should reference CVE-2023-7073 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Tue, 28 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Oct 2025 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Themeisle
Themeisle auto Featured Image
Wordpress
Wordpress wordpress
Vendors & Products Themeisle
Themeisle auto Featured Image
Wordpress
Wordpress wordpress

Tue, 28 Oct 2025 05:45:00 +0000

Type Values Removed Values Added
Description The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.7 via the upload_to_library function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On Cloud instances, this issue allows for metadata retrieval.
Title Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}
cve-icon MITRE

Status: REJECTED

Assigner: Wordfence

Published: 2025-10-28T05:27:29.647Z

Updated: 2026-01-16T13:38:47.020Z

Reserved: 2025-09-08T21:57:57.014Z

Link: CVE-2025-10145

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-10-28T06:15:38.057

Modified: 2026-01-16T14:15:53.783

Link: CVE-2025-10145

cve-icon Redhat

No data.