CVE-2026-57431
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
The Featured Image plugin for WordPress version 2.1 and earlier contains a Cross-Site Scripting (XSS) vulnerability in the author function. This allows an unauthenticated attacker to inject malicious JavaScript code.
Risk Assessment
An attacker can exploit this vulnerability to steal administrator sessions, redirect users to malicious sites, or perform other actions in the victim's browser context, potentially leading to full site compromise.
Recommendation
Immediately update the Featured Image plugin to the latest available version that fixes this vulnerability. If no update is available, consider temporarily disabling the plugin.
Original NVD description (English source)
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.

