CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•10 views

CVE-2026-57333

CVE-2026-57333 describes an unauthenticated reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Link Whisper Free , affecting versions up to and including 0.9.4 . The connected sources consistently identify it as a reflected XSS issue in the Free plugin; no root-cause detai...

7.1CVSS5.8AI score

EUVD•added yesterday•6 views

EUVD-2026-40104

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS5.8AI score

Cvelist•added yesterday•11 views

CVE-2026-57333 WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Link Whisper Free = 0.9.4 versions...

7.1CVSS

GithubExploit•added 2026/06/09 3:56 p.m.•55 views

Exploit for CVE-2025-11262

CVE Lab: CVE-2025-11262 - Link Whisper Free Unauthenticated St...

7.2CVSS5.4AI score0.00233EPSS

Exploits1

RedhatCVE•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-1900

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates...

6.5CVSS5.5AI score0.00186EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:41 p.m.•10 views

CVE-2025-11262

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS5.7AI score0.00233EPSS

Exploits1References1

Patchstack•added 2026/05/29 1:16 p.m.•16 views

WordPress Link Whisper Free plugin <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Link Whisper Free versions = 0.9.0...

7.2CVSS5.8AI score0.00233EPSS

Exploits1References1Affected Software1

NVD•added 2026/05/29 8:16 a.m.•14 views

CVE-2025-11262

7.2CVSS0.00233EPSS

CVE•added 2026/05/29 6:43 a.m.•24 views

CVE-2025-11262

The CVE concerns the WordPress plugin Link Whisper Free (up to version 0.9.0). It is an unauthenticated stored XSS via the REST endpoint where the attacker-supplied value in the user_id parameter is persisted and later rendered in the admin UI, enabling JavaScript execution when a privileged admi...

In wildExploits1References3

Cvelist•added 2026/05/29 6:43 a.m.•35 views

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

7.2CVSS0.00233EPSS

ATTACKERKB•added 2026/05/29 6:43 a.m.•8 views

CVE-2025-11262

EUVD•added 2026/05/29 6:43 a.m.•11 views

Exploits1References4

EUVD-2025-209983

Vulnrichment•added 2026/05/29 6:43 a.m.•7 views

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

Positive Technologies•added 2026/05/29 12:0 a.m.•13 views

PT-2026-44755

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CNNVD•added 2026/05/29 12:0 a.m.•8 views

Exploits1References4

WordPress plugin Link Whisper Free 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.9AI score0.00233EPSS