CVE-2025-4431 – Unsplash WordPress Plugin Missing Capability Check Allows Unauthorized Data Modification

May 30, 2025

CVE ID : CVE-2025-4431

Published : May 30, 2025, 8:15 a.m. | 1 hour, 21 minutes ago

Description : The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update featured image of any post.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5236 – NinjaTeam Chat for Telegram WordPress Stored Cross-Site Scripting

Next Article CVE-2025-4943 – LA-Studio Element Kit for Elementor Stored Cross-Site Scripting Vulnerability

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Elon Musk teasing a Grok male companion inspired by “50 Shades of Grey” — beating Microsoft’s AI CEO at his own game

My favorite RTS castle builder from 2002 just got a brilliant remaster — and it’s only $16 on PC for a limited time

Razer Core X V2 vs. Razer Core X V1 — There’s only one eGPU you want in 2025

4 features on Windows 11 exclusive to Europe that Microsoft should make global

The details of TC39’s last meeting

The details of TC39’s last meeting

Conditional Collection Skipping with Laravel’s skipWhile Method

Deploying Laravel Applications on Laravel Cloud With MongoDB Atlas

Elon Musk teasing a Grok male companion inspired by “50 Shades of Grey” — beating Microsoft’s AI CEO at his own game

Elon Musk teasing a Grok male companion inspired by “50 Shades of Grey” — beating Microsoft’s AI CEO at his own game

My favorite RTS castle builder from 2002 just got a brilliant remaster — and it’s only $16 on PC for a limited time

Razer Core X V2 vs. Razer Core X V1 — There’s only one eGPU you want in 2025

CVE-2025-4431 – Unsplash WordPress Plugin Missing Capability Check Allows Unauthorized Data Modification

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-6339 – Ponaravindb Hospital Management System SQL Injection

OpenAI’s o3 and o4-mini Models Can Now Analyze Images Like a Human

Cloudflare’s 1.1.1.1 DNS Suffers Global Outage Due to Internal Configuration Error

Rilasciato Auto-cpufreq 2.6: Ottimizzazione avanzata della CPU su GNU/Linux

CVE-2025-7139 – SourceCodester Best Salon Management System Cross-Site Scripting

Scoperte 2 Nuove Vulnerabilità che Minacciano il Mondo GNU/Linux

Sam Altman’s $6.5 billion purchase might deliver an “iPhone of artificial intelligence” from OpenAI before Apple. Here’s how.

STOP ignoring mini PCs! Today’s your last chance to save on a bagel-sized Windows PC during Prime Day — YES, it runs my games

CVE-2025-4431 – Unsplash WordPress Plugin Missing Capability Check Allows Unauthorized Data Modification

Related Posts