Skip to main content

Link Whisper Premium

1 CVEs product

Monthly

CVE-2026-57353 MEDIUM This Month

Broken access control in Link Whisper Premium WordPress plugin versions 2.9.0 and below allows subscriber-level authenticated users to perform privileged actions that should be restricted to higher-capability roles. The flaw stems from missing authorization checks (CWE-862), enabling low-privilege users to make unauthorized modifications with high integrity impact. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the low attack complexity and network accessibility make this straightforward to exploit for any user holding even a basic WordPress account on the target site.

Authentication Bypass Link Whisper Premium
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in Link Whisper Premium WordPress plugin versions 2.9.0 and below allows subscriber-level authenticated users to perform privileged actions that should be restricted to higher-capability roles. The flaw stems from missing authorization checks (CWE-862), enabling low-privilege users to make unauthorized modifications with high integrity impact. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the low attack complexity and network accessibility make this straightforward to exploit for any user holding even a basic WordPress account on the target site.

Authentication Bypass Link Whisper Premium
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy