CVE-2025-4431 – Unsplash WordPress Plugin Missing Capability Check Allows Unauthorized Data Modification

May 30, 2025

CVE ID : CVE-2025-4431

Published : May 30, 2025, 8:15 a.m. | 1 hour, 21 minutes ago

Description : The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update featured image of any post.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5236 – NinjaTeam Chat for Telegram WordPress Stored Cross-Site Scripting

Next Article CVE-2025-4943 – LA-Studio Element Kit for Elementor Stored Cross-Site Scripting Vulnerability

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Microsoft kills Movies & TV storefront on Windows and Xbox — here’s what will happen to your purchased media

Wacom says its new drawing tablet needs no setup and has a pen that can’t die

NordPass vs. Bitwarden: Which password manager is best?

Elon Musk teasing a Grok male companion inspired by “50 Shades of Grey” — beating Microsoft’s AI CEO at his own game

The details of TC39’s last meeting

The details of TC39’s last meeting

Conditional Collection Skipping with Laravel’s skipWhile Method

Deploying Laravel Applications on Laravel Cloud With MongoDB Atlas

Ubuntu 25.10 Shrinks its Raspberry Pi Install Footprint

Ubuntu 25.10 Shrinks its Raspberry Pi Install Footprint

Microsoft kills Movies & TV storefront on Windows and Xbox — here’s what will happen to your purchased media

Unplugged and Unstoppable: How Linux Transforms Laptop Power Management

CVE-2025-4431 – Unsplash WordPress Plugin Missing Capability Check Allows Unauthorized Data Modification

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2024-46899 – Hitachi Ops Center Analyzer Viewpoint OVF Authentication Credentials Leakage Vulnerability

Rilasciato DXVK 2.7: Miglioramenti per God of War, Watch Dogs 2 e Final Fantasy XIV

GitHub Availability Report: May 2025

The Identities Behind AI Agents: A Deep Dive Into AI & NHI

A different kind of color generator

Are Amazon Basics tools any good? I bought a bunch to find out, and you’d be surprised

Windows 7 would boot much slower if you used specific wallpapers — A veteran Microsoft engineer links the bug to a “simple programming error”

Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam

CVE-2025-4431 – Unsplash WordPress Plugin Missing Capability Check Allows Unauthorized Data Modification

Related Posts