Security Risk Category
fediverse-embeds Security Risks
Published vulnerability pages connected to fediverse-embeds. One risk can appear in multiple categories while keeping one canonical page.
fediverse-embeds risks
Showing 2 of 2 published risks.
Fediverse Embeds WordPress Plugin Media Proxy SSRF Vulnerability
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users to make the site fetch arbitrary URLs, including internal and private-network addresses, and read back the response body. This results in a full-read Server-Side Request Forgery and open proxy.
Updated Jul 10, 2026
Fediverse Embeds WordPress Plugin Site Info SSRF Vulnerability
The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users (the gating nonce is exposed on public pages carrying an embed) to make the site request internal and private-network URLs and read back the parsed page metadata. This is a Server-Side Request Forgery.
Updated Jul 10, 2026
