What the vulnerability does
01Description
Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions.
Explanation of Vulnerability in Simple Terms
Link Whisper Premium versions up to 2.9.0 lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can alter data integrity without requiring user interaction. The vulnerability affects the plugin's core functionality and could impact site content management.
What an attacker can do
Modify or alter site content and data that the attacker's account should not have permission to change.
Potential impact on your site
Unauthorized users can alter site content, pages, or settings, compromising data integrity and site reliability.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities