What is CVE-2026-12100?

CVE-2026-12100 is a high-severity vulnerability in Abhisheksaha11 Url Preview, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.2/10. Published 2026-06-24.

How severe is CVE-2026-12100?

High severity. CVSS v3 base score is 7.2 out of 10.

SSRF in Abhisheksaha11 Url Preview

CVE-2026-12100

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary loc…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.003 (19.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N.

Affected products

Abhisheksaha11 Url Preview — versions 0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

security@wordfence.com
security@wordfence.com
security@wordfence.com

Frequently asked questions

What is CVE-2026-12100?: CVE-2026-12100 is a high-severity vulnerability in Abhisheksaha11 Url Preview, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.2/10. Published 2026-06-24.
How severe is CVE-2026-12100?: High severity. CVSS v3 base score is 7.2 out of 10.