Search criteria
4 vulnerabilities found for Automatic Featured Images from Videos by webdevstudios
CVE-2026-24535 (GCVE-0-2026-24535)
Vulnerability from nvd – Published: 2026-01-23 14:28 – Updated: 2026-01-26 19:04
VLAI?
Title
WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| webdevstudios | Automatic Featured Images from Videos |
Affected:
n/a , ≤ <= 1.2.7
(custom)
|
Credits
Nabil Irawan | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T19:04:11.510603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T19:04:24.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "automatic-featured-images-from-videos",
"product": "Automatic Featured Images from Videos",
"vendor": "webdevstudios",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-01-23T15:28:10.344Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Automatic Featured Images from Videos: from n/a through \u003c= 1.2.7.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through \u003c= 1.2.7."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T14:28:51.072Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/automatic-featured-images-from-videos/vulnerability/wordpress-automatic-featured-images-from-videos-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Automatic Featured Images from Videos plugin \u003c= 1.2.7 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24535",
"datePublished": "2026-01-23T14:28:51.072Z",
"dateReserved": "2026-01-23T12:31:40.820Z",
"dateUpdated": "2026-01-26T19:04:24.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31820 (GCVE-0-2025-31820)
Vulnerability from nvd – Published: 2025-04-01 14:51 – Updated: 2025-04-01 18:14
VLAI?
Title
WordPress Automatic Featured Images from Videos plugin <= 1.2.4 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| webdevstudios | Automatic Featured Images from Videos |
Affected:
n/a , ≤ 1.2.4
(custom)
|
Credits
Marek Mikita (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T18:12:56.831950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T18:14:22.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "automatic-featured-images-from-videos",
"product": "Automatic Featured Images from Videos",
"vendor": "webdevstudios",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marek Mikita (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Automatic Featured Images from Videos: from n/a through 1.2.4.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T14:51:45.247Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/automatic-featured-images-from-videos/vulnerability/wordpress-automatic-featured-images-from-videos-plugin-1-2-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Automatic Featured Images from Videos plugin \u003c= 1.2.4 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31820",
"datePublished": "2025-04-01T14:51:45.247Z",
"dateReserved": "2025-04-01T13:20:32.605Z",
"dateUpdated": "2025-04-01T18:14:22.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-24535 (GCVE-0-2026-24535)
Vulnerability from cvelistv5 – Published: 2026-01-23 14:28 – Updated: 2026-01-26 19:04
VLAI?
Title
WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| webdevstudios | Automatic Featured Images from Videos |
Affected:
n/a , ≤ <= 1.2.7
(custom)
|
Credits
Nabil Irawan | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-24535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T19:04:11.510603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T19:04:24.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "automatic-featured-images-from-videos",
"product": "Automatic Featured Images from Videos",
"vendor": "webdevstudios",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-01-23T15:28:10.344Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Automatic Featured Images from Videos: from n/a through \u003c= 1.2.7.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through \u003c= 1.2.7."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T14:28:51.072Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/automatic-featured-images-from-videos/vulnerability/wordpress-automatic-featured-images-from-videos-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Automatic Featured Images from Videos plugin \u003c= 1.2.7 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24535",
"datePublished": "2026-01-23T14:28:51.072Z",
"dateReserved": "2026-01-23T12:31:40.820Z",
"dateUpdated": "2026-01-26T19:04:24.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31820 (GCVE-0-2025-31820)
Vulnerability from cvelistv5 – Published: 2025-04-01 14:51 – Updated: 2025-04-01 18:14
VLAI?
Title
WordPress Automatic Featured Images from Videos plugin <= 1.2.4 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| webdevstudios | Automatic Featured Images from Videos |
Affected:
n/a , ≤ 1.2.4
(custom)
|
Credits
Marek Mikita (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T18:12:56.831950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T18:14:22.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "automatic-featured-images-from-videos",
"product": "Automatic Featured Images from Videos",
"vendor": "webdevstudios",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marek Mikita (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels.\u003c/p\u003e\u003cp\u003eThis issue affects Automatic Featured Images from Videos: from n/a through 1.2.4.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T14:51:45.247Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/automatic-featured-images-from-videos/vulnerability/wordpress-automatic-featured-images-from-videos-plugin-1-2-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Automatic Featured Images from Videos plugin \u003c= 1.2.4 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31820",
"datePublished": "2025-04-01T14:51:45.247Z",
"dateReserved": "2025-04-01T13:20:32.605Z",
"dateUpdated": "2025-04-01T18:14:22.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}