PT-2026-29687 · WordPress · Webmention
Pfefferle
+1
·
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-0688
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Webmention plugin for WordPress versions up to and including 5.6.2
Description
The Webmention plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) in versions up to and including 5.6.2. This is due to a flaw in the
Tools::read function. Authenticated attackers with Subscriber-level access or higher can leverage this to make web requests to arbitrary locations originating from the web application, potentially querying and modifying information from internal services.Recommendations
Update the Webmention plugin to a version later than 5.6.2.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webmention