CVE-2026-1900

MEDIUM CVSS 6.5 View on NVD ↗

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Published: Apr 07, 2026 07:16 UTC Modified: Apr 07, 2026 17:16 UTC