What the vulnerability does
01Description
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.
Explanation of Vulnerability in Simple Terms
Visual Link Preview versions up to 2.4.1 expose sensitive information to authenticated users. An attacker with a low-privilege account can read data they should not have access to. The vulnerability requires network access and valid login credentials but no user interaction. No integrity or availability impact occurs.
What an attacker can do
Read sensitive data belonging to other users or the site.
Potential impact on your site
Authenticated users can access confidential information beyond their permission level.
Conditions required to exploit
Valid low-privilege account on the site; network access.
Key dates
External resources
Related vulnerabilities