PT-2026-29686 · WordPress · Webmention
Pfefferle
·
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-0686
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Webmention plugin for WordPress versions up to and including 5.6.2
Description
The Webmention plugin for WordPress is susceptible to Server-Side Request Forgery in versions up to and including 5.6.2. This issue resides within the
MF2::parse authorpage function, accessible through the Receiver::post function. An unauthenticated attacker can leverage this to make web requests to arbitrary locations originating from the web application, potentially querying and modifying information from internal services.Recommendations
Update the Webmention plugin to a version later than 5.6.2.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webmention