4 matches found
CVE-2026-12517
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...
CVE-2026-12517 Fediverse Embeds < 1.5.8 - Unauthenticated SSRF via Site Info Endpoint
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...
CVE-2026-12517
CVE-2026-12517 : The Fediverse Embeds WordPress plugin is vulnerable to a Server-Side Request Forgery (SSRF) because the destination of a server-side request from the unauthenticated site-info endpoint is not validated. This allows anonymous users to trigger requests to internal/private network U...
EUVD-2026-42513
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...