The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users (the gating nonce is exposed on public pages carrying an embed) to make the site request internal and private-network URLs and read back the parsed page metadata. This is a Server-Side Request Forgery.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 09 Jul 2026 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users (the gating nonce is exposed on public pages carrying an embed) to make the site request internal and private-network URLs and read back the parsed page metadata. This is a Server-Side Request Forgery. | |
| Title | Fediverse Embeds < 1.5.8 - Unauthenticated SSRF via Site Info Endpoint | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-07-09T12:51:27.261Z
Reserved: 2026-06-17T12:47:07.188Z
Link: CVE-2026-12517
Updated: 2026-07-09T12:51:23.810Z
No data.
No data.
OpenCVE Enrichment
No data.