CVE-2025-11262 | linkwhspr Link Whisper Free Plugin up to 0.9.0 on WordPress user_id cross site scripting (EUVD-2025-209983)
ID: f6966a67-a891-52c0-9b86-62abf337fcbe
STIX ID: report--f6966a67-a891-52c0-9b86-62abf337fcbe
Feed Name: VulDB Recent Entries
Threat Score
The Link Whisper Free WordPress plugin (versions up to and including 0.9.0) contains a stored Cross-Site Scripting (CWE-79) vulnerability in the user_id parameter (CVE-2025-11262) that allows unauthenticated remote attackers to inject scripts; the issue was disclosed by Michael Mazzolini and documented in advisories (e.g., Wordfence, VulDB), exploitation is reported as easy but no public exploit or mitigation is currently available.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.