CVE-2026-1935: CWE-862 Missing Authorization in brainstation23 Company Posts for LinkedIn
The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the `linkedin_company_post_reset_handler()` function hooked to `admin_post_reset_linkedin_company_post`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete LinkedIn post data stored in the site's options table.
AI Analysis
Technical Summary
CVE-2026-1935 is a missing authorization vulnerability (CWE-862) in the Company Posts for LinkedIn WordPress plugin, affecting all versions up to and including 1.0.0. The vulnerability arises from the absence of a capability check in the linkedin_company_post_reset_handler() function, which is hooked to the admin_post_reset_linkedin_company_post action. This allows any authenticated user with at least Subscriber-level privileges to delete LinkedIn post data stored in the WordPress options table, potentially impacting data integrity.
Potential Impact
An authenticated attacker with Subscriber-level access or higher can delete LinkedIn post data stored by the plugin in the WordPress options table. This results in loss of LinkedIn post data but does not impact confidentiality or availability beyond data deletion. There is no evidence of exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict user roles to trusted individuals only and monitor for unauthorized changes. Avoid granting Subscriber-level or higher access to untrusted users. Follow updates from the plugin vendor for a security patch.
CVE-2026-1935: CWE-862 Missing Authorization in brainstation23 Company Posts for LinkedIn
Description
The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the `linkedin_company_post_reset_handler()` function hooked to `admin_post_reset_linkedin_company_post`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete LinkedIn post data stored in the site's options table.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-1935 is a missing authorization vulnerability (CWE-862) in the Company Posts for LinkedIn WordPress plugin, affecting all versions up to and including 1.0.0. The vulnerability arises from the absence of a capability check in the linkedin_company_post_reset_handler() function, which is hooked to the admin_post_reset_linkedin_company_post action. This allows any authenticated user with at least Subscriber-level privileges to delete LinkedIn post data stored in the WordPress options table, potentially impacting data integrity.
Potential Impact
An authenticated attacker with Subscriber-level access or higher can delete LinkedIn post data stored by the plugin in the WordPress options table. This results in loss of LinkedIn post data but does not impact confidentiality or availability beyond data deletion. There is no evidence of exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict user roles to trusted individuals only and monitor for unauthorized changes. Avoid granting Subscriber-level or higher access to untrusted users. Follow updates from the plugin vendor for a security patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-02-04T21:13:47.975Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69be180bf4197a8e3b784264
Added to database: 3/21/2026, 4:01:15 AM
Last enriched: 4/9/2026, 6:36:26 PM
Last updated: 5/4/2026, 11:44:29 PM
Views: 31
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.