WordPress Plugin Vulnerabilities

Visual Link Preview < 2.3.0 - Missing Authorization

Description

The Visual Link Preview plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
visual-link-preview
Fixed in 2.3.0

References

CVE
CVE-2026-24984
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ed28379-1fc0-4cf4-a507-7d0bdc9f7f4a

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
theviper17
Verified
No
WPVDB ID
4442996d-d471-4f76-8f33-0a53e362cb3e

Timeline

Publicly Published
2026-01-18 (about 4 months ago)
Added
2026-02-10 (about 4 months ago)
Last Updated
2026-02-10 (about 4 months ago)

Other

Published
Title
Published
2026-06-10
Title
Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools
Published
2025-05-06
Title
Login Lockdown & Protection < 2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting
Published
2025-04-03
Title
Uncanny Automator < 6.4.0 - Subscriber+ Privilege Escalation
Published
2026-04-13
Title
Booking Activities < 1.17.0 - Missing Authorization
Published
2023-12-07
Title
Alt Manager < 1.6.2 - Missing Authorization