Report
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.9.15. This allows authenticated users with author-level permissions to upload arbitrary files from remote sources onto the affected site's server which may make remote code execution possible.
Score:9.1
Severity:Critical
Version:< 3.9.16
There is a patch available in v3.9.16 and we strongly recommend you update to this version as soon as possible.
