CVE-2026-0686 in Webmention Plugininformation

Résumé (Anglaise)

The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parse_authorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

Wordfence

Réserver

07/01/2026

Divulgation

02/04/2026

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
354832	pfefferle Webmention Plugin parse_authorpage élévation de privilèges	918	Non défini	Non défini	CVE-2026-0686

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

◂ PrécédentAperçuSuivant ▸

Do you know our Splunk app?

Download it now for free!