CVE-2026-12517
Received Received - Intake

Server-Side Request Forgery in Fediverse Embeds WordPress Plugin

Vulnerability report for CVE-2026-12517, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: WPScan

Description

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users (the gating nonce is exposed on public pages carrying an embed) to make the site request internal and private-network URLs and read back the parsed page metadata. This is a Server-Side Request Forgery.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
fediverse_embeds plugin to 1.5.8 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The Fediverse Embeds WordPress plugin before version 1.5.8 contains a Server-Side Request Forgery (SSRF) vulnerability in its site-info endpoint. This vulnerability occurs because the plugin does not validate the destination of server-side requests made by unauthenticated users. An attacker can exploit a leaked nonce found on public pages with embeds to make the server request internal or private network URLs. This allows anonymous users to retrieve parsed metadata from internal services that are normally not accessible externally.

Impact Analysis

This vulnerability can allow attackers to access internal or private network resources by making the server perform unauthorized requests. As a result, sensitive metadata from internal services can be exposed to attackers, potentially leading to information disclosure. Since the vulnerability bypasses authentication, even anonymous users can exploit it, increasing the risk of unauthorized data access.

Detection Guidance

This vulnerability can be detected by attempting to exploit the unauthenticated Server-Side Request Forgery (SSRF) in the site-info endpoint of the Fediverse Embeds WordPress plugin prior to version 1.5.8.

One approach is to craft a request to the vulnerable site-info endpoint using the leaked nonce from public pages containing a fediverse embed, targeting internal or private-network URLs and observing if parsed metadata from internal services is returned.

For example, using curl to send a request to the site-info endpoint with a crafted URL parameter pointing to an internal service might look like this:

  • curl -X GET 'https://target-site.com/wp-json/fediverse-embeds/v1/site-info?url=http://localhost' -H 'nonce: <leaked_nonce>'

If the response contains metadata from the internal URL, the vulnerability is present.

Mitigation Strategies

The immediate mitigation step is to update the Fediverse Embeds WordPress plugin to version 1.5.8 or later, where the vulnerability has been fixed by properly rejecting unauthorized requests to internal or private-network URLs.

Until the update can be applied, consider restricting access to the site-info endpoint or implementing firewall rules to block outgoing requests to internal IP ranges from the web server.

Compliance Impact

The vulnerability allows anonymous users to perform server-side request forgery (SSRF) to access internal and private-network URLs and read parsed page metadata. This unauthorized access to internal data could potentially lead to exposure of sensitive information.

Such exposure of internal or private data may impact compliance with standards and regulations like GDPR or HIPAA, which require protection of personal and sensitive information from unauthorized access or disclosure.

However, the provided information does not explicitly state the exact compliance impact or whether any personal data is involved.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12517. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart