CVE-2026-1935
Received Received - Intake
Missing Authorization in Company Posts for LinkedIn WordPress Plugin Allows Data Deletion

Publication date: 2026-03-21

Last updated on: 2026-03-21

Assigner: Wordfence

Description
The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the `linkedin_company_post_reset_handler()` function hooked to `admin_post_reset_linkedin_company_post`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete LinkedIn post data stored in the site's options table.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-21
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1935
EUVD
EUVD-2026-13988
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
the_company posts_for_linkedin to 1.0.0 (inc)
wordfence company_posts_for_linkedin to 1.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the Company Posts for LinkedIn plugin for WordPress, specifically in all versions up to and including 1.0.0. It is caused by a missing authorization check in the function linkedin_company_post_reset_handler(), which is triggered by the admin_post_reset_linkedin_company_post action. Because of this missing capability check, authenticated users with Subscriber-level access or higher can delete LinkedIn post data stored in the site's options table.

Impact Analysis

This vulnerability allows authenticated users with relatively low privileges (Subscriber-level and above) to delete LinkedIn post data stored by the plugin in the WordPress site's options table. This could lead to loss of important LinkedIn post information managed through the plugin, potentially disrupting social media management and content continuity.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1935. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart