CVE-2026-57353
Deferred Deferred - Pending Action

Subscriber Broken Access Control in Link Whisper Premium

Vulnerability report for CVE-2026-57353, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-02
Last Modified
2026-07-02
Generated
2026-07-02
AI Q&A
2026-07-02
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
link_whisper premium to 2.9.1 (exc)
link_whisper premium to 2.9.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability is a Broken Access Control issue in the WordPress Link Whisper Premium Plugin, versions 2.9.0 and below.

It allows unprivileged users, such as those with a Subscriber role, to perform actions that normally require higher privileges because of missing authorization, authentication, or nonce token checks.

This means that users who should have limited access can exploit this flaw to gain unauthorized capabilities within the plugin.

Impact Analysis

This vulnerability can lead to unauthorized actions being performed by low-privileged users, potentially compromising the integrity of your website.

Since it allows privilege escalation, attackers could exploit it in large-scale campaigns targeting thousands of websites.

The impact is considered moderately dangerous with a CVSS score of 6.5, indicating a significant risk if left unpatched.

Immediate action, such as updating the plugin to version 2.9.1 or later, is advised to mitigate this risk.

Detection Guidance

The vulnerability allows unprivileged users, such as those with a Subscriber role, to perform actions requiring higher privileges due to missing authorization, authentication, or nonce token checks.

Detection involves monitoring for unauthorized privilege escalation attempts or suspicious activity from Subscriber accounts within the WordPress Link Whisper Premium plugin version 2.9.0 or below.

Specific commands are not provided in the available resources.

Mitigation Strategies

Immediate mitigation includes updating the Link Whisper Premium plugin to version 2.9.1 or later.

Until the update is applied, Patchstack has provided a mitigation rule to block attacks exploiting this vulnerability.

Taking these steps will prevent unprivileged users from exploiting the broken access control issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57353. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart