Linkwhspr Link Whisper Free vulnerabilities
3 known vulnerabilities affecting linkwhspr/link_whisper_free.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-11262P1HIGHCVSS 7.2ExploitedPoC≤ 0.9.02026-05-29
CVE-2025-11262 [HIGH] CWE-79 CVE-2025-11262: The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses
nvd
CVE-2024-2693P3HIGHCVSS 8.8≤ 0.7.12024-04-09
CVE-2024-2693 [HIGH] CWE-502 CVE-2024-2693: The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up
The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in t
nvd
CVE-2025-11263P4MEDIUMCVSS 6.1≤ 0.8.82025-12-06
CVE-2025-11263 [MEDIUM] CWE-79 CVE-2025-11263: The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the t
The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including, 0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully tr
nvd