Server-Side Request Forgery in Brecht Visual Link Preview Plugin
CVE-2026-39670

6 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 8 April 2026

What is CVE-2026-39670?

A Server-Side Request Forgery (SSRF) vulnerability exists in the Brecht Visual Link Preview plugin, enabling attackers to trick the server into making unauthorized HTTP requests. The issue affects all versions up to and including 2.3.0, and exploitation could lead to subsequent attacks on internal systems or exposure of sensitive data. Website administrators using this plugin are urged to take immediate action to mitigate potential risks.

Affected Version(s)

Visual Link Preview 0 <= 2.3.0

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program