VYPR
Medium severity6.5NVD Advisory· Published Apr 7, 2026· Updated Apr 13, 2026

CVE-2026-1900

CVE-2026-1900

Description

The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:linkwhisper:link_whisper:*:*:*:*:free:wordpress:*:*+ 1 more
    • cpe:2.3:a:linkwhisper:link_whisper:*:*:*:*:free:wordpress:*:*range: <0.9.1
    • (no CPE)range: before 0.9.1

Patches

Vulnerability mechanics

References

1

News mentions

1