Visual Link Preview
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48878 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. | ||
| CVE-2026-24984 | Med | 0.42 | 6.5 | 0.00 | Feb 3, 2026 | Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9. | ||
| CVE-2026-39670 | Med | 0.39 | 6.0 | 0.00 | Apr 8, 2026 | Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0. | ||
| CVE-2025-11987 | Med | 0.35 | 6.4 | 0.00 | Nov 5, 2025 | The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2021-24635 | 0.00 | — | 0.01 | Sep 20, 2021 | The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and… |
- risk 0.42cvss 6.5epss 0.00
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9.
- risk 0.39cvss 6.0epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.
- risk 0.35cvss 6.4epss 0.00
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- CVE-2021-24635Sep 20, 2021risk 0.00cvss —epss 0.01
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and…