WordPress Plugin Vulnerabilities

Automatic Featured Images from Videos < 1.2.5 - Missing Authorization

Description

The Automatic Featured Images from Videos plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
automatic-featured-images-from-videos
Fixed in 1.2.5

References

CVE
CVE-2025-31820
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/359ab91d-5b60-460b-b6f2-90a5afa675ea

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Marek Mikita
Verified
No
WPVDB ID
65b4e02e-3424-4fa6-9eaa-6eb64dfc1b72

Timeline

Publicly Published
2025-04-01 (about 1 year ago)
Added
2025-04-08 (about 1 year ago)
Last Updated
2025-04-08 (about 1 year ago)

Other

Published
Title
Published
2026-01-07
Title
Dashboard Welcome for Beaver Builder <= 1.0.8 - Missing Authorization
Published
2025-10-14
Title
Welcart e-Commerce < 2.11.25 - Missing Authorization
Published
2025-09-22
Title
WP Compress < 6.50.55 - Missing Authorization
Published
2024-06-03
Title
Master Addons for Elementor < 2.0.5.6 - Missing Authorization via get_jltma_save_menuitem_settings()
Published
2024-11-19
Title
WP Project Manager < 2.6.15 - Missing Authorization to Project Milestone and Task Creation/Deletion