CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22306 – WordPress Link Whisper Free plugin <= 0.7.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2025-22306
06 Jan 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7. The Link Whisper Free plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.7.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-7-7-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31934 – WordPress Link Whisper Free plugin <= 0.6.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31934
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.9. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Link Whisper Link Whisper Free. Este problema afecta a Link Whisper Free: desde n/a hasta 0.6.9. The Link Whisper Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6.9. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/link-whisper/wordpress-link-whisper-free-plugin-0-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27992 – WordPress Link Whisper Free plugin <= 0.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27992
15 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.This issue affects Link Whisper Free: from n/a through 0.6.8. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site Scripting') en Link Whisper Link Whisper Free permite Reflected XSS. Este problema afecta a Link Whisper Free: desde n/a hasta 0.6.8. The Link Whisper Free plugin for WordPress is vulne... • https://patchstack.com/database/vulnerability/link-whisper/wordpress-link-whisper-free-plugin-0-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32506 – WordPress Link Whisper Free plugin <= 0.6.3 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-32506
10 May 2023 — Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through 0.6.3. The Link Whisper Free plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init() function called via admin_init in versions up to, and including, 0.6.3. This makes it possible for unauthenticated attackers to export post data. • https://patchstack.com/database/wordpress/plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-6-3-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •