CVE Catalog

CVE-2026-12100

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 1.0 via the 'url' parameter. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application.

Risk Assessment

Attackers can exploit this vulnerability to access internal services, potentially leading to data leakage or information modification.

Recommendation

It is recommended to update the URL Preview plugin to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS