PT-2026-30797 · WordPress · Link Whisper

Published

2026-04-07

·

Updated

2026-04-19

·

CVE-2026-1900

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Link Whisper Free WordPress plugin versions prior to 0.9.1
Description The Link Whisper Free WordPress plugin has a publicly accessible REST endpoint that allows unauthenticated users to update settings.
Recommendations Update to version 0.9.1 or later.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2026-1900

Affected Products

Link Whisper