Cm-wp Auto Featured Image — known CVE vulnerabilities
Every CVE whose affected-product data names Cm-wp Auto Featured Image, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2023-0477 — CVSS 8.8 (high): The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least…
CVE-2021-24932 — CVSS 6.1 (medium): The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before…