PT-2026-44755 · WordPress · Link Whisper
Michael Mazzolini · Published 2026-05-29 · Updated 2026-05-29
CVE-2025-11262
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Link Whisper Free versions prior to 0.9.1
Description
Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. These scripts execute whenever a user accesses the affected page. The issue is triggered via the user id parameter.
Recommendations
Update to a version later than 0.9.0.
As a temporary workaround, restrict or avoid using the user id parameter until the update is applied.
Fix
XSS
Affected Products
Link Whisper