CVE Catalog

CVE-2026-57431

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

The Featured Image plugin for WordPress version 2.1 and earlier contains a Cross-Site Scripting (XSS) vulnerability in the author function. This allows an unauthenticated attacker to inject malicious JavaScript code.

Risk Assessment

An attacker can exploit this vulnerability to steal administrator sessions, redirect users to malicious sites, or perform other actions in the victim's browser context, potentially leading to full site compromise.

Recommendation

Immediately update the Featured Image plugin to the latest available version that fixes this vulnerability. If no update is available, consider temporarily disabling the plugin.

Original NVD description (English source)

Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS