CVE-2026-54821
Deferred Deferred - Pending Action

Subscriber Sensitive Data Exposure in Visual Link Preview

Vulnerability report for CVE-2026-54821, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-26
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
visual_link_preview plugin to 2.4.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54821 is a vulnerability in the WordPress Visual Link Preview Plugin versions 2.3.1 and below that leads to sensitive data exposure. This means attackers could potentially access confidential information that should normally be restricted to regular users.

The vulnerability has a moderate severity with a CVSS score of 7.4 and can be exploited remotely with low attack complexity and no user interaction required.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive subscriber data, potentially exposing confidential information to attackers.

Such exposure could be exploited in mass campaigns targeting many websites, increasing the risk of data breaches and privacy violations.

If exploited, it could compromise the confidentiality, integrity, and availability of the affected systems.

Mitigation Strategies

To mitigate the vulnerability in the Visual Link Preview plugin (versions 2.3.1 and below), users are strongly advised to update the plugin to version 2.4.0 immediately.

If updating is not possible, it is recommended to seek assistance from a hosting provider or a web developer to help mitigate the risk.

No virtual patch is available for this specific issue, so updating is the primary mitigation step.

Compliance Impact

The vulnerability in the Visual Link Preview plugin versions 2.3.1 and below involves sensitive data exposure, where attackers could access confidential information typically restricted to regular users.

Such exposure of sensitive subscriber data could potentially lead to non-compliance with data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information from unauthorized access.

Organizations using affected versions of this plugin may face increased risk of data breaches, which can result in regulatory penalties and reputational damage if the vulnerability is exploited.

Updating to the patched version 2.4.0 is strongly advised to mitigate these risks and help maintain compliance with relevant data protection standards.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54821. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart