VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 3 known issues Latest disclosed Jan 18, 2026

Visual Link Preview Vulnerabilities

Review known vulnerability records for the WordPress plugin Visual Link Preview (`visual-link-preview`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-24984, CVE-2025-11987 and CVE-2021-24635, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
3
High or Critical
0
Patch Coverage
100%
Last Updated
Feb 10, 2026
Priority CVE Quick Links

Fast paths into Visual Link Preview CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
3
CVE-2025-11987 Medium 2.2.8
CVE-2025-11987 Visual Link Preview Stored Cross-Site Scripting

Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode

CVE-2021-24635 Medium 2.2.3
CVE-2021-24635 Visual Link Preview Cross-Site Request Forgery

Visual Link Preview <= 2.2.2 - Unauthorised AJAX Calls

CVE-2026-24984 Medium 2.3.0
CVE-2026-24984 Visual Link Preview Vulnerability

Visual Link Preview <= 2.2.9 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Visual Link Preview so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
3 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2026-24984, CVE-2025-11987 and CVE-2021-24635
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Visual Link Preview

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-24984
CVE-2026-24984: Visual Link Preview <= 2.2.9 - Missing Authorization

The Visual Link Preview plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform a...

Published
Jan 18, 2026
Patched Release
2.3.0
Affected Versions
Versions up to 2.2.9
Next Step
Update to 2.3.0 or newer if supported.
Open CVE-2026-24984 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-11987
CVE-2025-11987: Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode

The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it p...

Published
Nov 04, 2025
Patched Release
2.2.8
Affected Versions
Versions up to 2.2.7
Next Step
Update to 2.2.8 or newer if supported.
Open CVE-2025-11987 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24635
CVE-2021-24635: Visual Link Preview <= 2.2.2 - Unauthorised AJAX Calls

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and con...

Published
Aug 18, 2021
Patched Release
2.2.3
Affected Versions
Versions before 2.2.3
Next Step
Update to 2.2.3 or newer if supported.
Open CVE-2021-24635 Report Open CVE Reference