Browse all 4 CVE security advisories affecting Link Whisper. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Link Whisper is a WordPress plugin designed to automate internal linking between posts to improve SEO. Historically, it has been vulnerable to multiple security issues including stored cross-site scripting (XSS) and remote code execution (RCE) due to insufficient input sanitization and improper access controls. The plugin has also faced privilege escalation vulnerabilities that allowed lower-privileged users to perform unauthorized actions. With four CVEs recorded, these issues have enabled attackers to inject malicious scripts, execute arbitrary code on vulnerable sites, and potentially compromise entire WordPress installations. No major public incidents have been widely reported, but the consistent pattern of vulnerabilities highlights ongoing security concerns in its development practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-32506 | WordPress Link Whisper Free plugin <= 0.6.3 - Unauthenticated Broken Access Control vulnerability — Link Whisper FreeCWE-862 | 6.5 | Medium | 2024-12-13 |
| CVE-2024-31934 | WordPress Link Whisper Free plugin <= 0.6.9 - Cross Site Request Forgery (CSRF) vulnerability — Link Whisper FreeCWE-352 | 4.3 | Medium | 2024-04-11 |
| CVE-2024-27992 | WordPress Link Whisper Free plugin <= 0.6.8 - Reflected Cross Site Scripting (XSS) vulnerability — Link Whisper FreeCWE-79 | 7.1 | High | 2024-03-21 |
| CVE-2023-47852 | WordPress Link Whisper Free Plugin <= 0.6.5 is vulnerable to SQL Injection — Link Whisper FreeCWE-89 | 8.5 | High | 2023-12-20 |
This page lists every published CVE security advisory associated with Link Whisper. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.