Lucene search
K

111 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57353

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday25 views

CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57353

The CVE concerns WordPress Link Whisper Premium plugin &lt;= 2.9.0 with a Broken Access Control issue. The accompanying CVSS data (Patchstack, v3.1) indicates an external attack over network, with low privileges and no user interaction, potentially affecting integrity (I: High) while confidential...

6.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-57333

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-57333

CVE-2026-57333 describes an unauthenticated reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Link Whisper Free , affecting versions up to and including 0.9.4 . The connected sources consistently identify it as a reflected XSS issue in the Free plugin; no root-cause detai...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40104

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago27 views

CVE-2026-57333 WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS0.00146EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-53294

Name of the Vulnerable Software and Affected Versions Link Whisper Free versions prior to 0.9.5 Description Unauthenticated Cross Site Scripting XSS allows an attacker to execute malicious scripts in the browser of a user without requiring authentication. Recommendations Update Link Whisper Free ...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/09 3:56 p.m.59 views

Exploit for CVE-2025-11262

CVE Lab: CVE-2025-11262 - Link Whisper Free Unauthenticated St...

7.2CVSS5.4AI score0.00233EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

6.5CVSS5.5AI score0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS5.7AI score0.00233EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/05/29 1:16 p.m.16 views

WordPress Link Whisper Free plugin <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Link Whisper Free versions = 0.9.0...

7.2CVSS5.8AI score0.00233EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/29 8:16 a.m.14 views

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00233EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/29 6:43 a.m.35 views

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS0.00233EPSS
Exploits1References3
CVE
CVE
added 2026/05/29 6:43 a.m.25 views

CVE-2025-11262

The CVE concerns the WordPress plugin Link Whisper Free (up to version 0.9.0). It is an unauthenticated stored XSS via the REST endpoint where the attacker-supplied value in the user_id parameter is persisted and later rendered in the admin UI, enabling JavaScript execution when a privileged admi...

7.2CVSS6AI score0.00233EPSS
In wildExploits1References3
EUVD
EUVD
added 2026/05/29 6:43 a.m.11 views

EUVD-2025-209983

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00233EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/29 6:43 a.m.7 views

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00233EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:43 a.m.9 views

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00233EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44755

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00233EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

WordPress plugin Link Whisper Free 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.9AI score0.00233EPSS
Exploits1References3
Rows per page
Query Builder