CVE-2026-24984
Missing Authorization in Brecht Visual Link Preview
Publication date: 2026-02-03
Last updated on: 2026-02-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | visual_link_preview | 2.2.9 |
| patchstack | visual_link_preview | 2.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24984 is a Broken Access Control vulnerability in the WordPress Visual Link Preview Plugin versions up to and including 2.2.9.
The issue arises from missing authorization, authentication, or nonce token checks within certain plugin functions.
This allows unprivileged users, such as those with Contributor or Developer roles, to perform actions that should be restricted to higher-privileged roles.
The vulnerability is classified under the OWASP Top 10 category A1: Broken Access Control.
How can this vulnerability impact me? :
This vulnerability allows users with lower privileges to perform actions reserved for higher-privileged roles, potentially leading to unauthorized changes or access within the WordPress site.
However, the impact is considered low priority and the risk of exploitation is unlikely.
Users are advised to update the plugin to version 2.3.0 or later to mitigate this risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from missing authorization checks in the WordPress Visual Link Preview Plugin up to version 2.2.9, allowing unprivileged users to perform restricted actions.
There are no specific network or system detection commands provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, immediately update the WordPress Visual Link Preview Plugin to version 2.3.0 or later, where the issue is resolved.'}, {'type': 'paragraph', 'content': "Alternatively, use Patchstack's automated update service for vulnerable plugins to facilitate rapid mitigation."}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a Broken Access Control issue allowing users with lower privileges to perform actions reserved for higher-privileged roles. Such unauthorized access could potentially lead to unauthorized data exposure or modification.
While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, broken access control vulnerabilities generally pose risks to data confidentiality and integrity, which are critical aspects of these regulations.
Therefore, if exploited, this vulnerability could negatively impact compliance with regulations that require strict access controls and protection of sensitive data.