A vulnerability was found in Spencer Haws Link Whisper Free Plugin up to 0.9.0 on WordPress. It has been rated as critical . Affected by this issue is some unknown functionality of the component REST Endpoint . Performing a manipulation results in missing authorization. This vulnerability is cataloged as CVE-2026-1900 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.