CVE-2026-57431
Deferred Deferred - Pending Action
Author XSS in Featured Image Plugin

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-57431
EUVD
EUVD-2026-39739
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
patchstack featured_image_plugin to 2.1 (inc)
patchstack author_cross_site_scripting to 2.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The WordPress Featured Image Plugin, versions 2.1 and below, contains a Cross Site Scripting (XSS) vulnerability. This security flaw allows attackers to inject malicious scripts into websites through the plugin.

Exploitation requires a privileged user to perform an action, such as clicking a malicious link.

The vulnerability is classified under OWASP Top 10 A3: Injection and has a CVSS score of 6.5.

Impact Analysis

If exploited, this vulnerability could allow attackers to execute malicious scripts on your website, potentially leading to unauthorized actions or data exposure.

Since exploitation requires a privileged user to interact with a malicious link, the risk is somewhat limited but still significant.

The impact includes potential loss of confidentiality, integrity, and availability of your website's data.

Mitigation Strategies

To mitigate the vulnerability in the WordPress Featured Image Plugin versions 2.1 and below, users should immediately update the plugin to version 2.2 or later.

Additionally, Patchstack users can enable auto-updates for vulnerable plugins to ensure timely patching.

Compliance Impact

The provided information does not specify how the Cross Site Scripting (XSS) vulnerability in the WordPress Featured Image Plugin affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability affects the WordPress Featured Image Plugin versions 2.1 and below. Detection involves identifying if the vulnerable plugin version is installed on your WordPress site.

One way to detect the vulnerability is to check the plugin version installed on your WordPress system. You can do this by accessing the WordPress admin dashboard or by inspecting the plugin files directly.

For command-line detection, you can use commands to check the plugin version in the WordPress plugins directory. For example, if you have shell access to the server, you can run:

  • grep -i 'Version' wp-content/plugins/featured-image-plugin/readme.txt
  • or
  • cat wp-content/plugins/featured-image-plugin/featured-image-plugin.php | grep 'Version'

If the version is 2.1 or below, the plugin is vulnerable to the described Cross Site Scripting (XSS) issue.

Additionally, monitoring for suspicious user actions or unexpected script injections in the website content could indicate exploitation attempts, but no specific network detection commands are provided.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57431. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart