CVE-2025-22306: 
WordPress vulnerability analysis and mitigation

The Link Whisper Free WordPress plugin contains a Sensitive Information Exposure vulnerability (CVE-2025-22306) discovered in January 2025. This vulnerability affects all versions of Link Whisper Free up to and including version 0.7.8, allowing unauthenticated attackers to access sensitive information (WPScan, Patchstack).

The vulnerability is classified as CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory). It has received a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability could allow malicious actors to extract sensitive user or configuration data that would normally be restricted from regular users. This exposure of sensitive information could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

Users are advised to update to Link Whisper Free version 0.7.9 or later, which contains the fix for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).