CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description
The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the `linkedin_company_post_reset_handler()` function hooked to `admin_post_reset_linkedin_company_post`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete LinkedIn post data stored in the site's options table.
Analysis
The Company Posts for LinkedIn WordPress plugin (versions up to 1.0.0) contains a missing authorization vulnerability in the `linkedin_company_post_reset_handler()` function that allows authenticated attackers with Subscriber-level privileges to delete LinkedIn post data from the site's options table without proper capability checks. This is a privilege escalation flaw where low-privileged users can perform administrative actions. …
Remediation
Within 30 days: Identify affected systems running the Company Posts for LinkedIn plugin for WordPress and apply vendor patches as part of the regular patch cycle. Monitor vendor channels for patch availability.
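Until a vendor patch is installed, the missing capability check can be supplied from outside the plugin. The following must-use plugin is an added example, not the vendor's fix and not code from the plugin itself; it assumes the reset action should be limited to users with `manage_options` and that the plugin registers its handler at the default hook priority (10). The `lcp_guard_` names are hypothetical.

```php
<?php
/**
 * Plugin Name: Guard for reset_linkedin_company_post (interim mitigation)
 * Description: Added example. Place in wp-content/mu-plugins/ so it loads
 *              before regular plugins. Remove once the plugin is patched.
 */

// Assumption: only administrators should be able to reset the stored post data.
const LCP_GUARD_REQUIRED_CAP = 'manage_options';

// admin-post.php fires admin_post_{action} for logged-in users. Priority 0 runs
// before the plugin's linkedin_company_post_reset_handler(), assuming that
// handler is registered at the default priority of 10.
add_action( 'admin_post_reset_linkedin_company_post', 'lcp_guard_require_capability', 0 );

function lcp_guard_require_capability() {
    if ( current_user_can( LCP_GUARD_REQUIRED_CAP ) ) {
        return; // Authorized: fall through to the plugin's own handler.
    }

    // Leave a trace of the denied request for later review.
    error_log( sprintf(
        'Blocked reset_linkedin_company_post: user_id=%d ip=%s',
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    // wp_die() ends the request, so later callbacks on this hook never run
    // and the options table is left untouched.
    wp_die(
        'You are not allowed to perform this action.',
        '',
        array( 'response' => 403 )
    );
}
```

Denied attempts are written to the PHP error log, which gives a quick way to see whether low-privileged accounts have been calling the action.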
EUVD-2026-13988
GHSA-jxrp-m8r2-xf97