Vulnerabilities and security researches forlink-whisper link-whisper

Jun 07, 2024

CVE, Research URL: CVE-2024-2693
Home page URL: Security reports for Link Whisper Free
Application: Link Whisper Free
Date: Apr 10, 2024
Research Description: The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions: max 0.7.2.
Status: vulnerable

CVE, Research URL: f76d18128d996b9b9f3b16d6738c1c5bed2c87c7
Home page URL: Security reports for Link Whisper Free
Application: Link Whisper Free
Date: May 09, 2023
Research Description: Link Whisper Free [link-whisper] < 0.6.4 WordPress Link Whisper Free Plugin <= 0.6.3 is vulnerable to Broken Access Control No patched version is available. No reply from the author. Nguyen Anh Tien discovered and reported this Broken Access Control vulnerability in WordPress Link Whisper Free Plugin. This vulnerability has not been known to be fixed yet.
Affected versions: max 0.6.4.
Status: vulnerable

CVE, Research URL: CVE-2023-47852
Home page URL: Security reports for Link Whisper Free
Application: Link Whisper Free
Date: Dec 20, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.5.
Affected versions: max 0.6.6.
Status: vulnerable

CVE, Research URL: CVE-2024-27992
Home page URL: Security reports for Link Whisper Free
Application: Link Whisper Free
Date: Apr 11, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.This issue affects Link Whisper Free: from n/a through 0.6.8.
Affected versions: max 0.6.9.
Status: vulnerable

CVE, Research URL: CVE-2024-31934
Home page URL: Security reports for Link Whisper Free
Application: Link Whisper Free
Date: Apr 11, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.9.
Affected versions: max 0.7.0.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-32506
Home page URL: Security reports for Link Whisper Free
Application: Link Whisper Free
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through 0.6.3.
Affected versions: max 0.6.4.
Status: vulnerable

Jan 09, 2025

CVE, Research URL: CVE-2025-22306
Home page URL: Security reports for Link Whisper Free
Application: Link Whisper Free
Date: Jan 07, 2025
Research Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7.
Affected versions: max 0.7.9.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-62970
Home page URL: Security reports for Link Whisper Free
Application: Link Whisper Free
Date: Oct 27, 2025
Research Description: Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through <= 0.8.8.
Affected versions: max 0.8.8.
Status: vulnerable