Link Whisper Free
Monthly
Reflected cross-site scripting in the Link Whisper Free WordPress plugin (versions 0.9.4 and earlier) lets an unauthenticated remote attacker inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The scope-change CVSS vector (S:C) indicates the injected script can affect resources beyond the vulnerable plugin context, such as the broader WordPress admin or site session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; reported by Patchstack.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.6.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Reflected cross-site scripting in the Link Whisper Free WordPress plugin (versions 0.9.4 and earlier) lets an unauthenticated remote attacker inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. The scope-change CVSS vector (S:C) indicates the injected script can affect resources beyond the vulnerable plugin context, such as the broader WordPress admin or site session. No public exploit identified at time of analysis, and it is not listed in CISA KEV; reported by Patchstack.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.6.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.