PT-2026-26827 · WordPress · Company Posts For Linkedin

Abhirup Konwar

Publicado

2026-03-21

Atualizado

2026-03-21

CVE-2026-1935

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Company Posts for LinkedIn plugin for WordPress versions prior to 1.0.1

Description The software is susceptible to a missing authorization issue. This is caused by a missing capability check within the linkedin company post reset handler() function, which is connected to the admin post reset linkedin company post action. Attackers with Subscriber-level access or higher can delete LinkedIn post data stored in the site’s options table.

Recommendations Update The Company Posts for LinkedIn plugin for WordPress to version 1.0.1 or later.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2026-1935

Produtos afetados

Company Posts For Linkedin

PT-2026-26827 · WordPress · Company Posts For Linkedin

CVE-2026-1935

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5