CVE-2026-0812 is a stored cross-site scripting (XSS) vulnerability identified in the LinkedIn SC plugin for WordPress, maintained by guillaumev. The flaw exists in all plugin versions up to and including 1.1.9 and arises from improper neutralization of input during web page generation, specifically within the 'linkedin_sc_date_format', 'linkedin_sc_api_key', and 'linkedin_sc_secret_key' parameters. These parameters lack sufficient input sanitization and output escaping, allowing an attacker with administrator-level privileges to inject arbitrary JavaScript code into pages generated by the plugin. Because the vulnerability is stored, the malicious script persists in the website's content and executes whenever any user visits the compromised page. The vulnerability requires authenticated access with high privileges (administrator or above), does not require user interaction to trigger, and affects the confidentiality and integrity of user data by potentially stealing session cookies or performing actions on behalf of users. The CVSS v3.1 base score is 4.4 (medium severity), reflecting the need for high privileges and the limited impact on availability. No public exploits have been reported to date, but the vulnerability poses a risk to WordPress sites using this plugin, especially those with multiple users or sensitive data. The lack of available patches at the time of reporting necessitates immediate mitigation steps by site administrators.

For European organizations, this vulnerability could lead to unauthorized script execution within their WordPress sites, potentially compromising user sessions, leaking sensitive information, or enabling further attacks such as privilege escalation or phishing. Organizations relying on the LinkedIn SC plugin for embedding LinkedIn content or functionalities are at risk, particularly if the plugin is used on sites with multiple users or customers. The impact is primarily on confidentiality and integrity, as attackers could hijack user sessions or manipulate displayed content. Although the vulnerability requires administrator-level access to exploit, insider threats or compromised admin accounts could be leveraged to deploy malicious scripts. This could damage organizational reputation, lead to data breaches, and violate data protection regulations such as GDPR. The medium severity score reflects these risks but also the limited scope of exploitation due to required privileges. European companies with public-facing WordPress sites integrating LinkedIn SC should assess their exposure and remediate promptly to avoid targeted attacks or compliance issues.

Since no official patches are currently available, European organizations should take immediate practical steps to mitigate the risk. First, restrict administrator access strictly to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise. Conduct thorough audits of all administrator accounts and remove any unnecessary privileges. Temporarily disable or uninstall the LinkedIn SC plugin if feasible until a patched version is released. If disabling is not possible, implement web application firewall (WAF) rules to detect and block suspicious input patterns targeting the vulnerable parameters ('linkedin_sc_date_format', 'linkedin_sc_api_key', 'linkedin_sc_secret_key'). Additionally, monitor logs for unusual administrator activity or unexpected changes to plugin settings. Educate administrators on the risks of injecting untrusted data. Once a patch is available, apply it immediately. Regularly update WordPress core and all plugins to minimize exposure to similar vulnerabilities. Finally, consider implementing Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected sites.