Link Whisper Premium
Monthly
Broken access control in Link Whisper Premium WordPress plugin versions 2.9.0 and below allows subscriber-level authenticated users to perform privileged actions that should be restricted to higher-capability roles. The flaw stems from missing authorization checks (CWE-862), enabling low-privilege users to make unauthorized modifications with high integrity impact. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the low attack complexity and network accessibility make this straightforward to exploit for any user holding even a basic WordPress account on the target site.
Broken access control in Link Whisper Premium WordPress plugin versions 2.9.0 and below allows subscriber-level authenticated users to perform privileged actions that should be restricted to higher-capability roles. The flaw stems from missing authorization checks (CWE-862), enabling low-privilege users to make unauthorized modifications with high integrity impact. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the low attack complexity and network accessibility make this straightforward to exploit for any user holding even a basic WordPress account on the target site.