CVE-2026-12100
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 1.0 via the 'url' parameter. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application.
Risk Assessment
Attackers can exploit this vulnerability to access internal services, potentially leading to data leakage or information modification.
Recommendation
It is recommended to update the URL Preview plugin to the latest version to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

