CVE-2026-1935 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing…
Medium CVSS: 4.3

CVE-2026-1935

The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the `linkedin_company_post_reset_handler()` function hooked to `admin_post_reset_linkedin_company_post`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete LinkedIn post data stored in the site's options table.
Vendor
-
Product
-
CWE
CWE-862
Yayın Tarihi
2026-03-21 04:16:56
Güncelleme
2026-03-23 14:32:02
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-862 MEDIUM 2026

Referanslar

https://plugins.trac.wordpress.org/browser/company-posts-for-linkedin/tags/1.0.0/admin/class-linkedin-company-posts-admin.php#L625 https://plugins.trac.wordpress.org/browser/company-posts-for-linkedin/trunk/admin/class-linkedin-company-posts-admin.php#L625 https://www.wordfence.com/threat-intel/vulnerabilities/id/4c635405-997e-44ea-8851-7d09051307ad?source=cve