Unauthenticated Cross Site Scripting in Link Whisper Free by WordPress
CVE-2026-57333

7.1HIGH

Key Information:

Vendor: WordPress
Status: Link Whisper Free
Vendor: CVE Published:; 29 June 2026

What is CVE-2026-57333?

A security flaw in the Link Whisper Free plugin allows attackers to exploit unauthenticated Cross Site Scripting (XSS). This vulnerability affects versions up to and including 0.9.4, enabling potential execution of malicious scripts in the context of an authenticated user, leading to unauthorized access and information disclosure.

Affected Version(s)

Link Whisper Free <= 0.9.4

References

https://patchstack.com/database/wordpress/plugin/link-whi...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 24, 2026

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

CVE-2026-57333 Data

JSON