๐Ÿ” CVE Alert

CVE-2026-12516

MEDIUM 5.3

Fediverse Embeds < 1.5.8 - Unauthenticated SSRF via Media Proxy

CVSS Score
5.3
EPSS Score
0.1%
EPSS Percentile
3th

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back the response body. This results in a full-read Server-Side Request Forgery and open proxy.

Vendor unknown
Product fediverse embeds
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for unknown fediverse embeds

Be the first to know when new medium vulnerabilities affecting unknown fediverse embeds are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Fediverse Embeds
0 < 1.5.8

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/2ac80164-03b7-4966-b022-833b4194de80/

Credits

0xBassia WPScan