🔐 CVE Alert

CVE-2026-1900

MEDIUM 6.5

Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
4th

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.

Vendor unknown
Product link whisper free
Published Apr 7, 2026
Last Updated Apr 7, 2026
Stay Ahead of the Next One

Get instant alerts for unknown link whisper free

Be the first to know when new medium vulnerabilities affecting unknown link whisper free are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Link Whisper Free
0 < 0.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wpscan.com: https://wpscan.com/vulnerability/dc10b627-7981-4c53-bc9d-e87418f3fcfc/

Credits

yiğit ibrahim sağlam WPScan