{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24984", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:50:46.305Z", "datePublished": "2026-02-03T14:08:35.984Z", "dateUpdated": "2026-04-28T16:14:52.567Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "visual-link-preview", "product": "Visual Link Preview", "vendor": "Brecht", "versions": [{"changes": [{"at": "2.3.0", "status": "unaffected"}], "lessThanOrEqual": "2.2.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "theviper17 | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:00.091Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Visual Link Preview: from n/a through <= 2.2.9.</p>"}], "value": "Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:52.567Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/visual-link-preview/vulnerability/wordpress-visual-link-preview-plugin-2-2-9-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Visual Link Preview plugin <= 2.2.9 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T16:37:21.681340Z", "id": "CVE-2026-24984", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:33:12.264Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24984", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T16:37:21.681340Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T16:29:26.764Z"}}], "cna": {"title": "WordPress Visual Link Preview plugin <= 2.2.9 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "theviper17 | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brecht", "product": "Visual Link Preview", "versions": [{"status": "affected", "changes": [{"at": "2.3.0", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "2.2.9"}], "packageName": "visual-link-preview", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-28T13:26:32.766Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/visual-link-preview/vulnerability/wordpress-visual-link-preview-plugin-2-2-9-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Visual Link Preview: from n/a through <= 2.2.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T12:10:47.808Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24984", "state": "PUBLISHED", "dateUpdated": "2026-04-28T15:33:12.264Z", "dateReserved": "2026-01-28T09:50:46.305Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-03T14:08:35.984Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Brecht Visual Link Preview visual-link-preview permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Visual Link Preview: desde n/a hasta &lt;= 2.2.9."}], "id": "CVE-2026-24984", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-03T15:16:17.517", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/visual-link-preview/vulnerability/wordpress-visual-link-preview-plugin-2-2-9-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T01:17:34.893182+00:00", "value": {"mitigation_remediation": ["Upgrade the Visual Link Preview plugin to version 2.3.0 or later", "Disable the plugin if an upgrade cannot be performed immediately", "Delete the plugin files from the WordPress installation to eliminate the attack surface"], "summary": {"action": "Apply Patch", "impact": "Unauthorized Access / Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The issue affects the Visual Link Preview plugin by Brecht, available for WordPress installations. Versions from the initial release up through 2.2.9 are impacted. Any WordPress site that has this plugin installed and has not upgraded beyond 2.2.9 is potentially vulnerable.", "description_and_impact": "Missing authorization in the Visual Link Preview plugin allows an attacker to perform actions meant for privileged users. By bypassing access checks, an attacker can manipulate plugin functionality or access sensitive data. This weakness aligns with CWE\u2011862 (Missing Authorization) and can result in unauthorized changes or data exposure.", "risk_and_exploitability": "With a CVSS score of 6.5, the vulnerability presents a high impact to confidentiality, integrity, and availability. The EPSS score is below 1%, indicating a low likelihood of active exploitation at the time of this assessment. The plugin can be accessed over the web, so the attack vector is likely unauthenticated HTTP requests to plugin endpoints. Although no public exploit code is known, the combination of global availability and lack of authorization makes the risk significant for sites that cannot immediately patch."}}}}, "created": "2026-02-04T12:09:23.631245+00:00", "updated": "2026-04-16T01:30:20.303208+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}