Description

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity (CVSS)

Base score7.2
SeverityHigh
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Provided byCNA

Weaknesses

  • CWE-918 — CWE-918 Server-Side Request Forgery (SSRF)

Affected products

VendorProductVersions
abhisheksaha11URL Preview0 to <=1.0

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 24 Jun 2026 09:35 UTC.