5 Sep 2024

WordPress Plugins With at Least 150,000+ Installs Using Versions of Third-Party Library With Recently Disclosed Security Vulnerabilities

As we work to expand the capabilities of our new Plugin Security Scorecard, one of our focuses is providing better security information on libraries included in plugins. That is already helping to identify WordPress plugins that are using libraries with known vulnerabilities. Earlier this week, we noted that a plugin with 600,000+ installs was still using a vulnerable version of a library 17 months after an update was released. In that situation, we found that the developer had not released a security advisory through the GitHub project for the vulnerability. With another library, the developer recently released a couple of advisories, and we found that several fairly popular plugins are using an affected version of the library.

The library is PhpSpreadsheet, and the advisories were released on August 28. The plugins are all using version 1.x of the library, and an update for that was released on September 2. [Read more]

15 May 2023

Information Disclosure Vulnerability in Link Whisper Free

Recently Patchstack very vaguely claimed that there is an unfixed vulnerability in the WordPress plugin Link Whisper Free. We really mean very vaguely, as the only information provided about the claimed vulnerability is that it involves “broken access control” and doesn’t require authentication. They claimed that they received no reply from the author about the issue.


[Read more]