9 matches found
CVE-2026-0686
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parseauthorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
CVE-2026-0688
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
CVE-2026-0686
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parseauthorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
WordPress Webmention plugin <= 5.6.2 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by Duong Quang Hao in WordPress Plugin Webmention versions = 5.6.2...
CVE-2026-0686 Webmention <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parseauthorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
CVE-2026-0688
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
CVE-2026-0688
The CVE concerns the WordPress Webmention plugin (versions up to and including 5.6.2) with a Server-Side Request Forgery due to Tools::read. An authenticated attacker with Subscriber-level access or higher can cause the web application to issue requests to arbitrary external/internal locations, p...
PT-2026-29687
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
WordPress Webmention Plugin <= 4.0.8 is vulnerable to Cross Site Scripting (XSS)
Software Webmention Type Plugin Vulnerable versions = 4.0.8 Fixed in 4.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7c19ab8b5561 Credits Unknown Required privilege...