CVE-2026-0812 is a stored cross-site scripting vulnerability identified in the LinkedIn SC plugin for WordPress, maintained by guillaumev. This vulnerability affects all versions up to and including 1.1.9. The root cause is insufficient sanitization and escaping of user-supplied input in the parameters 'linkedin_sc_date_format', 'linkedin_sc_api_key', and 'linkedin_sc_secret_key' during web page generation. Authenticated attackers with administrator-level access or higher can exploit this flaw by injecting arbitrary JavaScript code into pages rendered by the plugin. When other users visit these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or unauthorized actions within the context of the affected site. The CVSS 3.1 base score is 4.4, reflecting a medium severity, with the vector indicating network attack vector, high attack complexity, high privileges required, no user interaction, and a scope change. Although no known exploits have been reported in the wild, the vulnerability poses a risk especially in environments where multiple users access the WordPress site. The lack of published patches necessitates immediate attention to alternative mitigation strategies. This vulnerability falls under CWE-79, a common and well-understood class of web application security issues related to improper neutralization of input during web page generation.

For European organizations, this vulnerability could lead to unauthorized script execution within trusted WordPress sites using the LinkedIn SC plugin. The primary impact is on confidentiality and integrity, as attackers could steal session tokens, deface content, or perform actions on behalf of legitimate users. Although availability is not directly affected, the reputational damage and potential data breaches could have regulatory consequences under GDPR. Organizations with multi-user WordPress environments, especially those with administrators who might be targeted for credential compromise, are at higher risk. The medium CVSS score reflects the need for caution but also indicates that exploitation requires high privileges, limiting the threat to insider attackers or compromised admin accounts. European businesses relying on LinkedIn integration via this plugin for marketing or recruitment may face targeted attacks aiming to disrupt operations or exfiltrate sensitive data.

Since no official patches are currently available, European organizations should immediately restrict administrator access to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA). Conduct thorough audits of WordPress user accounts to detect unauthorized admin users. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the vulnerable parameters. Regularly monitor logs for unusual activity related to the LinkedIn SC plugin. Consider temporarily disabling or uninstalling the plugin if feasible until a patch is released. Educate administrators about the risks of XSS and safe plugin management practices. Additionally, apply content security policies (CSP) to limit the impact of injected scripts. Finally, maintain up-to-date backups to enable recovery in case of compromise.