PT-2026-51673 · Abhisheksaha11 · Z-Url Preview

Yu-Sheng Yu

Published

2026-06-24

Updated

2026-06-24

CVE-2026-12100

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-12100

Affected Products

Z-Url Preview

PT-2026-51673 · Abhisheksaha11 · Z-Url Preview

CVE-2026-12100

Weakness Enumeration

Related Identifiers

Affected Products

References · 4