PatchSiren cyber security CVE debrief
CVE-2026-48878 Bootstrapped Ventures CVE debrief
CVE-2026-48878 is a medium-severity vulnerability (CVSS Score: 6.5) affecting the Visual Link Preview plugin for WordPress. The plugin, up to version 2.4.1, is vulnerable to subscriber sensitive data exposure. This vulnerability allows an attacker to access sensitive information, potentially compromising user data.
- Vendor
- Bootstrapped Ventures
- Product
- Visual Link Preview
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the Visual Link Preview plugin for WordPress, particularly those with subscriber-level access, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability, classified under CWE-497, allows an attacker with low privileges (subscriber-level access) to access sensitive data without requiring user interaction. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
Medium
Recommended defensive actions
- Update the Visual Link Preview plugin to a version beyond 2.4.1.
- Review and restrict subscriber-level access to sensitive data.
- Monitor for any suspicious activity related to subscriber data access.
Evidence notes
Evidence of this vulnerability comes from Patchstack's audit, as referenced in the CVE record.
Official resources
-
CVE-2026-48878 CVE record
CVE.org
-
CVE-2026-48878 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48878 was published on 2026-06-15T21:17:17.140Z and modified on 2026-06-15T21:24:32.790Z.