Back to CVE List

CVE-2026-12516

Vulnerability Description

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back the response body. This results in a full-read Server-Side Request Forgery and open proxy.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
Fediverse Embeds

External References

Discussion (0)

Add Comment

No comments yet. Be the first!