{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/link-whisper-free-plugin/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2025-11262"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Link Whisper Free plugin"],"_cs_severities":["medium"],"_cs_tags":["wordpress","xss","plugin"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe Link Whisper Free plugin for WordPress, in versions up to and including 0.9.0, contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-11262. This vulnerability stems from insufficient input sanitization and output escaping of the \u003ccode\u003euser_id\u003c/code\u003e parameter. An unauthenticated attacker can exploit this vulnerability by injecting malicious JavaScript code into the WordPress database. When a logged-in user accesses a page containing the injected script, the script executes within their browser session, potentially leading to session hijacking, sensitive information theft, or other malicious activities. This vulnerability poses a significant risk to WordPress sites using the affected plugin versions, as it allows attackers to compromise user accounts and potentially gain administrative control over the site.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site using the Link Whisper Free plugin version 0.9.0 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting a page or functionality that utilizes the \u003ccode\u003euser_id\u003c/code\u003e parameter without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe malicious request injects a JavaScript payload into the \u003ccode\u003euser_id\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe WordPress application stores the attacker\u0026rsquo;s payload in the database without proper sanitization or escaping.\u003c/li\u003e\n\u003cli\u003eA legitimate, authenticated user accesses a page or functionality that retrieves and displays the unsanitized \u003ccode\u003euser_id\u003c/code\u003e parameter from the database.\u003c/li\u003e\n\u003cli\u003eThe injected JavaScript payload executes within the user\u0026rsquo;s browser session.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s script can perform actions such as stealing cookies, redirecting the user to a malicious site, or modifying content on the page.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access or control through the compromised user session.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-11262 allows an unauthenticated attacker to inject malicious JavaScript code into a WordPress site. This injected code can then be executed in the browser of any user who views the affected content. The impact of this vulnerability can range from defacement and redirection to the theft of sensitive information, such as user credentials and session cookies, ultimately enabling account takeover. Given the widespread use of WordPress, this vulnerability could potentially impact a large number of websites and users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Link Whisper Free plugin to the latest available version to remediate CVE-2025-11262.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule \u003ccode\u003eDetect WordPress Link Whisper XSS Attempt\u003c/code\u003e to your SIEM system to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and output encoding for all user-supplied data, especially within WordPress plugins, to prevent XSS vulnerabilities.\u003c/li\u003e\n\u003cli\u003eRegularly audit WordPress plugins for security vulnerabilities and promptly apply available patches.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T08:17:03Z","date_published":"2026-05-29T08:17:03Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-11262-xss/","summary":"The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS), allowing unauthenticated attackers to inject arbitrary web scripts into pages, which execute when a user accesses the injected page, affecting versions up to and including 0.9.0.","title":"CVE-2025-11262: WordPress Link Whisper Free Plugin Stored XSS Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-11262-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Link Whisper Free Plugin","version":"https://jsonfeed.org/version/1.1"}