CVE-2026-1313

Name of the Vulnerable Software and Affected Versions MimeTypes Link Icons plugin for WordPress versions up to and including 3.2.20

Description The MimeTypes Link Icons plugin for WordPress is susceptible to Server-Side Request Forgery. This occurs because the plugin makes outbound HTTP requests to user-controlled URLs without sufficient validation when the "Show file size" option is enabled. Authenticated attackers with Contributor-level access or higher can leverage this to make web requests to arbitrary locations from the web application. This could allow querying and modification of information from internal services through crafted links within post content.

Recommendations Update the MimeTypes Link Icons plugin to a version later than 3.2.20.