CVE-2022-2241: 
WordPress vulnerability analysis and mitigation

The Featured Image from URL WordPress plugin versions before 4.0.0 contained a vulnerability identified as CVE-2022-2241. The vulnerability was discovered and publicly disclosed on July 11, 2022, affecting the plugin's settings management functionality (WPScan).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) combined with a Stored Cross-Site Scripting (XSS) issue. The plugin lacked proper CSRF protection mechanisms in its settings update functionality, and certain settings fields were not properly validated, sanitized, or escaped. The vulnerability has been assigned CWE-352 (CSRF) and CWE-79 (XSS) classifications, with a CVSS score of 6.1 (medium severity) (WPScan).

If exploited, this vulnerability could allow attackers to manipulate plugin settings through CSRF attacks when an administrator is logged in. Additionally, the stored XSS component could be triggered when accessing the settings page, potentially leading to the execution of malicious JavaScript code in the administrator's browser (WPScan).

The vulnerability has been fixed in version 4.0.0 of the Featured Image from URL plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).