cleantalk
Vulnerabilities and Security Researches

Visual Link Preview, CVE-2021-24635

CVE: CVE-2021-24635

Application: Visual Link Preview

Published on: Sep 20, 2021

Research Description:
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and exposes the CSRF nonce to all authenticated users, allowing any authenticated user (such as a subscriber) to call them and 1) get and search through the title and content of draft posts, 2) get the title of a password-protected post, and 3) upload an image from a URL.

Affected versions: max 2.2.3.

Status: vulnerable
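An added illustration of the defect class described above (not the plugin's own code; the action hooks, nonce name and function names are assumed): a wp_ajax handler that relies only on a nonce every logged-in user can obtain, beside a hardened version that also checks the caller's capability on the specific post, respects post passwords, and gates the URL sideload on upload_files.

```php
<?php
// Hypothetical hook and function names; not taken from Visual Link Preview.

// BEFORE: if the nonce is localised into a script for every logged-in user,
// check_ajax_referer() alone proves nothing about the caller's privileges,
// so a subscriber can read drafts and password-protected posts.
add_action( 'wp_ajax_example_get_post', 'example_get_post_vulnerable' );
function example_get_post_vulnerable() {
    check_ajax_referer( 'example_nonce', 'nonce' );
    $post = get_post( absint( $_POST['post_id'] ?? 0 ) );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( array( 'title' => $post->post_title, 'content' => $post->post_content ) );
}

// AFTER: keep the nonce check (CSRF), add authorisation (who may see this post),
// and only emit the nonce to users who pass the same capability check.
add_action( 'wp_ajax_example_get_post_secure', 'example_get_post_hardened' );
function example_get_post_hardened() {
    check_ajax_referer( 'example_nonce', 'nonce' );
    $post_id = absint( $_POST['post_id'] ?? 0 );
    $post    = get_post( $post_id );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    // Only users who could edit this post may read it through this endpoint.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Honour post passwords exactly as the front end does.
    if ( post_password_required( $post ) ) {
        wp_send_json_error( 'password required', 403 );
    }
    wp_send_json_success( array( 'title' => $post->post_title, 'content' => $post->post_content ) );
}

// Upload-from-URL action: gate on upload_files, then sideload through core.
add_action( 'wp_ajax_example_sideload_secure', 'example_sideload_hardened' );
function example_sideload_hardened() {
    check_ajax_referer( 'example_nonce', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';
    $url = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );
    $id  = media_sideload_image( $url, 0, null, 'id' ); // core validates and fetches the file
    is_wp_error( $id ) ? wp_send_json_error( $id->get_error_message(), 400 ) : wp_send_json_success( $id );
}
```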