WordPress · Dato Cms Web Previews · CVE-2026-3327
**Name of the Vulnerable Software and Affected Versions**
Dato CMS Web Previews plugin versions prior to 1.0.31
**Description**
A malicious authenticated user can bypass the configured frontend URL restriction, allowing arbitrary external resources or origins to be loaded. This is due to an authenticated iframe injection issue.
**Recommendations**
Update to version 1.0.31 or later.