VYPR

Visual Link Preview

by WordPress

Source repositories

CVEs (5)

  • CVE-2026-48878MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.

  • CVE-2026-24984MedFeb 3, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9.

  • CVE-2026-39670MedApr 8, 2026
    risk 0.39cvss 6.0epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.

  • CVE-2025-11987MedNov 5, 2025
    risk 0.35cvss 6.4epss 0.00

    The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2021-24635Sep 20, 2021
    risk 0.00cvss epss 0.01

    The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and…