CVE-2025-11980 | Quick Featured Images Plugin up to 13.7.3 on WordPress delete_orphaned sql injection

November 8, 2025 Yanac

A vulnerability was found in Quick Featured Images Plugin up to 13.7.3 on WordPress. It has been rated as critical. This affects the function delete_orphaned. The manipulation leads to sql injection.

This vulnerability is referenced as CVE-2025-11980. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More

CVE-2025-11448 | Gallery Plugin up to 1.11.0 on WordPress REST API Endpoint bulk-convert authorization
CVE-2025-12399 | Alex Reservations Smart Restaurant Booking Plugin up to 2.2.3 on WordPress REST Endpoint file unrestricted upload