cleantalk
Vulnerabilities and Security Researches

Link Shield, CVE-2025-5926

CVE, Research URL

CVE-2025-5926

Home page URL

Security reports for Link Shield

Application

Link Shield

Published on
Jun 13, 2025
Research Description
The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 0.5.4.
Status
vulnerable
Previous vulnerability researches
Link Shield (CVE-2025-5926) , Jun 15, 2025
Link Shield (CVE-2025-32503) , Apr 11, 2025
New vulnerability
Google Map Targeting (CVE-2025-52732) , Aug 04, 2025
WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (CVE-2025-8152) , Aug 04, 2025
One Click Demo Import , Aug 04, 2025
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025