14 matches found
CVE-2024-2325
CVE-2024-2325 concerns the WordPress Link Library plugin. Affected versions up to and including 7.6.6 are vulnerable to a Reflected Cross‑Site Scripting (XSS) flaw via the searchll parameter, caused by insufficient input sanitization and output escaping. This can enable unauthenticated attackers ...
CVE-2024-24875
CVE-2024-24875 is a CSRF vulnerability in the WordPress Link Library plugin by Yannick Lefebvre, affecting Link Library versions through 7.5.13. The issue allows an attacker to perform unintended actions on behalf of an authenticated user (CSRF). The available connected documents indicate a fix i...
CVE-2022-4199
CVE-2022-4199 affects the Link Library WordPress plugin (versions prior to 7.4.1). Root cause: the plugin does not sanitise and escape some settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Impact: stored Cross‑Site Scri...
CVE-2024-1559
CVE-2024-1559: The Link Library WordPress plugin is vulnerable to unauthenticated Stored XSS via the ‘ll_reciprocal’ parameter in all versions up to 7.6. Root cause: insufficient input sanitization and output escaping. Impact: attackers can inject arbitrary scripts that run when users view injec...
CVE-2024-29123
CVE-2024-29123: Reflected XSS in Yannick Lefebvre Link Library (WordPress plugin) due to improper input neutralization during page generation. Affected: Link Library plugin for WordPress, versions up to 7.6. Outcome per sources: the vulnerability exists and has a patch available; risk details and...
CVE-2024-4281
CVE-2024-4281 affects the WordPress Link Library plugin (vulnerable up to 7.6.11) via the link-library shortcode. The issue is stored XSS caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires Contributor+ access (authenticated). Impact is ...
CVE-2024-35687
CVE-2024-35687 is a Reflected XSS in the WordPress plugin Link Library (link-library) affecting versions up to 7.6.3. The issue arises from improper input neutralization during web page generation, enabling attackers to inject scripts via crafted input. Reliably, patches have been released; remed...
CVE-2024-13404
CVE-2024-13404 concerns the WordPress Link Library plugin. Affected: Link Library (WordPress) up to version 7.7.2. Issue: Reflected Cross-Site Scripting via the searchll parameter caused by insufficient input sanitization and output escaping. Impact: unauthenticated attackers could inject web scr...
CVE-2025-46237
CVE-2025-46237 affects the WordPress plugin Link Library (versions up to and including 7.8). It enables a Stored XSS via improper input neutralization during web page generation. A patched/fixed release is available (per patch-status), but the exact patched version is not specified here; remediat...
CVE-2021-25091
CVE-2021-25091 affects the WordPress Link Library plugin prior to 7.2.9. The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by insufficient sanitisation/escaping of the settingscopy parameter before it is output on an admin page. Impact is reflected XSS as described in multiple so...
CVE-2024-38711
CVE-2024-38711 is a reflected XSS in the WordPress Link Library plugin. The issue arises from improper input neutralization during web page generation, allowing cross-site scripting. Affected versions are Link Library: from n/a through 7.7.1. CVSS metrics from NVD show MEDIUM risk (6.1 base, AV:N/AC:...
CVE-2021-25092
CVE-2021-25092 affects WordPress Link Library plugin versions prior to 7.2.8. The root cause is the absence of a CSRF check when resetting library settings, enabling a logged-in attacker to trigger a reset of arbitrary settings via CSRF. The practical impact is admin-level configuration changes w...
CVE-2021-25093
The CVE concerns the WordPress Link Library plugin prior to version 7.2.8, where missing authorization for link deletion allows unauthenticated users to remove arbitrary links. The underlying issue is an authorization check gap when performing delete requests, enabling exploitation without credential...
CVE-2024-24879
CVE-2024-24879 refers to a Cross-Site Scripting (XSS) flaw in the WordPress Link Library plugin, affecting versions