CVE-2026-1935 in Company Posts for LinkedIn Plugininformação

Sumário

de MITRE • 21/03/2026

The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the `linkedin_company_post_reset_handler()` function hooked to `admin_post_reset_linkedin_company_post`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete LinkedIn post data stored in the site's options table.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Wordfence

Reservar

04/02/2026

Divulgação

21/03/2026

Moderação

aceite

Entrada

VDB-352173

CPE

pronto

CWE

CWE-862 (confirmado)

CVSS

4.3 (CNA)

EPSS

0.00037

KEV

não

Atividades

muito baixo

Sector

Hostingprovider

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-1935
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-1935
CVE Details	https://www.cvedetails.com/cve/CVE-2026-1935/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!