103 matches found
Exploit for CVE-2025-11262
CVE Lab: CVE-2025-11262 - Link Whisper Free Unauthenticated St...
CVE-2026-1900
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...
CVE-2025-11262
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress Link Whisper Free plugin <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Link Whisper Free versions = 0.9.0...
CVE-2025-11262
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11262
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11262
The CVE concerns the WordPress plugin Link Whisper Free (up to version 0.9.0). It is an unauthenticated stored XSS via the REST endpoint where the attacker-supplied value in the user_id parameter is persisted and later rendered in the admin UI, enabling JavaScript execution when a privileged admi...
EUVD-2025-209983
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2026-44755
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin Link Whisper Free 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Link Whisper Free plugin < 0.9.1 - Unauthenticated Settings and User Meta Update vulnerability
Unauthenticated Settings and User Meta Update vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Link Whisper Free versions 0.9.1...
EUVD-2026-19576
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...
CVE-2026-1900
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...
CVE-2026-1900 Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...
CVE-2026-1900
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...
CVE-2026-1900 Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...
CVE-2026-1900
The CVE-2026-1900 entry relates to the WordPress plugin Link Whisper Free (versions prior to 0.9.1). A publicly accessible REST endpoint allows unauthenticated users to update settings, which is the root cause of the vulnerability. Impact is described as unauthenticated settings updates; practica...
PT-2026-30797
Name of the Vulnerable Software and Affected Versions Link Whisper Free WordPress plugin versions prior to 0.9.1 Description The Link Whisper Free WordPress plugin has a publicly accessible REST endpoint that allows unauthenticated users to update settings. Recommendations Update to version 0.9.1...