Alobaidi Extend Link allows attackers to make fake server requests

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.9

Alobaidi Extend Link allows attackers to make fake server requests

CVE-2026-25310

Summary

A vulnerability in Alobaidi Extend Link allows an attacker to trick the software into making unintended requests to any server on the internet, potentially revealing sensitive information or taking control of the system. This affects Extend Link versions through 2.0.0. Update to a fixed version to prevent this risk.

Original title

Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through <= 2.0.0.

Original description

Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through <= 2.0.0.

nvd CVSS3.1 4.9

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://patchstack.com/database/Wordpress/Plugin/extend-link/vulnerability/wordp...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026