Threat Entry Updated 2025-07-25

CVE-2025-5818 - Bulk Edit With Unsplash Plugin

The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

PLUGIN Bulk Edit With Unsplash

CVE-2025-5818

MEDIUM CVSS 5.5 2025-07-23

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-06-04

CVE-2025-4431 - Bulk Edit With Unsplash Plugin

The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update featured image of any post.

PLUGIN Bulk Edit With Unsplash

CVE-2025-4431

MEDIUM CVSS 4.3 2025-05-30

Risk Score

Open Full Technical Breakdown