Home

Description

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.

PUBLISHED Reserved 2026-02-04 | Published 2026-04-07 | Updated 2026-04-07 | Assigner WPScan

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

Any version before 0.9.1
affected

Credits

yiğit ibrahim sağlam finder

WPScan coordinator

References

wpscan.com/...rability/dc10b627-7981-4c53-bc9d-e87418f3fcfc/ exploit vdb-entry technical-description

cve.org (CVE-2026-1900)

nvd.nist.gov (CVE-2026-1900)

Download JSON