CVE-2026-54821
Deferred - Pending Action
Subscriber Sensitive Data Exposure in Visual Link Preview

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: Patchstack

Description
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
Affected Vendors & Products
Vendor Product Version / Range
visual_link_preview plugin to 2.4.0 (exc)
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Compliance Impact

The vulnerability in the Visual Link Preview plugin versions 2.3.1 and below is a sensitive data exposure: attackers could access confidential information that is normally not available to regular users.

Such exposure of sensitive subscriber data could potentially lead to non-compliance with data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information from unauthorized access.

Organizations using affected versions of this plugin may face increased risk of data breaches, which can result in regulatory penalties and reputational damage if the vulnerability is exploited.

Updating to the patched version 2.4.0 is strongly advised to mitigate these risks and help maintain compliance with relevant data protection standards.

Executive Summary

CVE-2026-54821 is a vulnerability in the WordPress Visual Link Preview plugin, versions 2.3.1 and below, that leads to sensitive data exposure. Attackers could potentially access confidential information that is normally not available to regular users.

The vulnerability has a moderate severity with a CVSS score of 7.4 and can be exploited remotely with low attack complexity and no user interaction required.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive subscriber data, potentially exposing confidential information to attackers.

Such exposure could be exploited in mass campaigns targeting many websites, increasing the risk of data breaches and privacy violations.

If exploited, it could compromise the confidentiality, integrity, and availability of the affected systems.

Mitigation Strategies

To mitigate the vulnerability in the Visual Link Preview plugin (versions 2.3.1 and below), users are strongly advised to update the plugin to version 2.4.0 immediately.

If updating is not possible, it is recommended to seek assistance from a hosting provider or a web developer to help mitigate the risk.

No virtual patch is available for this specific issue, so updating is the primary mitigation step.
