CVE-2025-68600

CVE-2025-68600 describes a Server-Side Request Forgery in the WordPress plugin Link Library (link-library) , affecting versions up to

WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Link Library versions = 7.8.7...

EUVD-2021-12004

Malware in sbrugna...

EUVD-2024-17305

Malicious code in bioql PyPI...

EUVD-2022-51560

Malicious code in bioql PyPI...

CVE-2024-4281

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-1559

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2021-25091

The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2021-25093

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request...

CVE-2025-2889

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

WordPress Link Library plugin <= 7.7.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Link Library versions = 7.7.2...

CVE-2024-38711 WordPress Link Library plugin <= 7.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.7.1...

CVE-2024-4281

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

PT-2024-19744 · WordPress · Link Library

Name of the Vulnerable Software and Affected Versions: Link Library plugin for WordPress versions up to, and including, 7.6.6 Description: The issue is related to Reflected Cross-Site Scripting via the searchll parameter due to insufficient input sanitization and output escaping. This allows...

CVE-2024-1559

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-1559 Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

WordPress Link Library Plugin <= 7.6 is vulnerable to Cross Site Scripting (XSS)

Software Link Library Type Plugin Vulnerable versions = 7.6 Fixed in 7.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1559 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID da5a199a7b9e Credits Krzysztof Zając Require...

CVE-2024-24875 WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Yannick Lefebvre Link Library.This issue affects Link Library: from n/a through 7.5.13...

CVE-2024-24879 WordPress Link Library Plugin <= 7.5.13 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13...

CVE-2022-4199

The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...