CVE-2025-9985
Published 2025-09-26
Priority: P2 · 79 · Severity: medium · CVSS 3.1 base score 5.3
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 11.07% (95.4th percentile)
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.
Affected
3 ranges (only the marceljm row belongs to CVE-2025-9985; the two parse-community rows come from the Parse Server advisory CVE-2025-68115 indexed further down, which is attached to this page through parse-server PR #9985)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| marceljm | featured_image_from_url | <= 5.2.7 | — |
| parse-community | parse-server | >= 0 < 8.6.1 | 8.6.1 |
| parse-community | parse-server | >= 9.0.0 < 9.1.0-alpha.3 | 9.1.0-alpha.3 |
Detection & IOCs (extracted from sources)
- Send unauthenticated HTTP GET requests to the two exposed log file paths; a 200 response whose body contains both '{"fifu-dimensions":' and '"Invalid size:' confirms that the log is exposed (it does not by itself show that anyone else has read it).
- Presence of the FIFU plugin directory '/wp-content/plugins/featured-image-from-url/' in a WordPress site's page source indicates a potentially vulnerable installation; use this as a pre-filter (publicwww query).
- The vulnerability affects all FIFU plugin versions up to and including 5.2.7; enumerating the plugin version can scope targets.
- The Nuclei template uses 'stop-at-first-match: true', so only the first matching log file path is reported per scan run; check both paths independently for complete coverage.
- The template follows redirects during detection; make sure your own tooling also follows HTTP redirects to avoid false negatives.
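The detection logic from the list above, written out as an added example (not code from the plugin, Wordfence or the Nuclei template): it pre-filters on the plugin directory in page source, requests every candidate path instead of stopping at the first match, follows redirects, and applies the 200-plus-both-markers rule. The two actual log file paths are not stated on this page, so CANDIDATE_LOG_PATHS holds placeholder names that must be replaced with the paths from the referenced template; the demo responses are constructed, not captured from a real site.

```python
"""Checker for CVE-2025-9985 (FIFU <= 5.2.7 exposed log files).

Added example, not code from the plugin, Wordfence or the Nuclei template.
ASSUMPTION: the real log file paths are not given on this page, so the two
entries in CANDIDATE_LOG_PATHS are placeholders to be replaced.
"""
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, Optional, Tuple

PLUGIN_DIR = "/wp-content/plugins/featured-image-from-url/"

# Placeholder paths (assumption); substitute the two paths the Nuclei template requests.
CANDIDATE_LOG_PATHS = [
    PLUGIN_DIR + "admin/PLACEHOLDER-log-1.txt",
    PLUGIN_DIR + "admin/PLACEHOLDER-log-2.txt",
]

# Both strings must appear in a 200 body, as the Nuclei matcher requires.
MARKERS = ('{"fifu-dimensions":', '"Invalid size:')

# A fetcher maps a URL to (status, body); injectable so the logic is testable offline.
Fetcher = Callable[[str], Tuple[int, str]]


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """GET a URL. urllib's default opener follows 3xx redirects, which the
    detection note requires. Non-2xx responses come back with their code."""
    req = urllib.request.Request(url, headers={"User-Agent": "fifu-log-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(256 * 1024).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""


def is_exposed_log(status: int, body: str) -> bool:
    """Match rule from the page: HTTP 200 and BOTH markers present."""
    return status == 200 and all(marker in body for marker in MARKERS)


def plugin_present(fetch: Fetcher, base: str) -> bool:
    """Pre-filter: the plugin directory appears in the site's page source
    (the same signal a publicwww query keys on)."""
    status, body = fetch(base.rstrip("/") + "/")
    return status == 200 and PLUGIN_DIR in body


def check_site(base: str, fetch: Fetcher = http_fetch,
               paths: Optional[Iterable[str]] = None) -> Dict[str, bool]:
    """Request EVERY candidate path and report each one; unlike the template's
    stop-at-first-match, a hit on the first path does not skip the second."""
    base = base.rstrip("/")
    return {p: is_exposed_log(*fetch(base + p)) for p in (paths or CANDIDATE_LOG_PATHS)}


# Constructed demo responses (not captured from a real site).
DEMO_BASE = "https://example.test"
DEMO_RESPONSES = {
    DEMO_BASE + "/": (200, '<link rel="stylesheet" href="' + DEMO_BASE + PLUGIN_DIR + 'css/fifu.css">'),
    DEMO_BASE + CANDIDATE_LOG_PATHS[0]: (200, '{"fifu-dimensions":{"error":"Invalid size: 0x0"}}'),
    DEMO_BASE + CANDIDATE_LOG_PATHS[1]: (200, '{"fifu-dimensions":[]}'),  # one marker only
}


def demo_fetch(url: str) -> Tuple[int, str]:
    """Offline fetcher over the constructed table above."""
    return DEMO_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    if plugin_present(demo_fetch, DEMO_BASE):
        for path, hit in check_site(DEMO_BASE, fetch=demo_fetch).items():
            print(("EXPOSED " if hit else "ok      ") + path)
```

Against a live site, call check_site with the default http_fetch and the real paths; because the result dictionary carries one entry per path, a site where only the second log file is readable is still reported, which is the gap the stop-at-first-match note warns about.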
CVSS provenance
- NVD: CVSS 3.1 base 5.3 MEDIUM, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- VulnCheck: 5.3 MEDIUM
GHSA
GHSA-jhgf-2h8h-ggxv (ghsa · 2025-12-16): CVE-2025-68115 [MEDIUM] CWE-79 Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables (a different CVE; it is indexed on this page through parse-server PR #9985, not because it concerns FIFU)
## Impact
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages.
## Patches
The patch escapes user controlled values that are inserted into the HTML pages.
## Workarounds
None.
## Resources
- https://github.com/parse-community/parse-server/security/advisories/GHSA-jhgf-2h8h-ggxv
- https://github.com/parse-community/parse-server/pull/9985
- https://github.com/parse-community/parse-server/pull/9986
GHSA
GHSA-456r-h9vm-xcmj (ghsa_unreviewed · 2025-09-26): CVE-2025-9985 [MEDIUM] CWE-532 The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files.
VulnCheck
CVE-2025-9985 (vulncheck · 2025 · CVSS 5.3) [MEDIUM]: fifu featured_image_from_url Insertion of Sensitive Information into Log File
Affected: fifu featured_image_from_url
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2025-9985
No detection rules found.
Nuclei
CVE-2025-9985 (nuclei · CVSS 5.3) [MEDIUM]: Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
Template:
id: CVE-2025-9985
info:
  name: Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
  author: zer0p0int
  severity: medium
  description: |
    The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible
No writeups or analysis indexed.
- https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/admin/log.php?rev=3344903
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3362830%40featured-image-from-url&new=3362830%40featured-image-from-url&sfp_email=&sfph_mail=#file6
- https://www.wordfence.com/threat-intel/vulnerabilities/id/991d63da-ca6c-400e-beb7-b44cf629abc9?source=cve