VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 20 known issues Latest disclosed Apr 22, 2026

Link Library Vulnerabilities

Review known vulnerability records for the WordPress plugin Link Library (`link-library`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-40779, CVE-2025-68600 and CVE-2025-46237, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
20
High or Critical
2
Patch Coverage
100%
Last Updated
Apr 30, 2026
Priority CVE Quick Links

Fast paths into Link Library CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
17
CVE-2026-40779 High 7.8.9
CVE-2026-40779 Link Library Remote Code Execution

Link Library <= 7.8.8 - Authenticated (Contributor+) Arbitrary File Deletion

CVE-2024-1559 Medium 7.6.1
CVE-2024-1559 Link Library Stored Cross-Site Scripting

Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting

CVE-2025-68600 Medium 7.8.8
CVE-2025-68600 Link Library Server-Side Request Forgery

Link Library <= 7.8.7 - Authenticated (Contributor+) Server-Side Request Forgery

CVE-2025-46237 Medium 7.8.1
CVE-2025-46237 Link Library Stored Cross-Site Scripting

Link Library <= 7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-2889 Medium 7.8
CVE-2025-2889 Link Library Stored Cross-Site Scripting

Link Library <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters

CVE-2024-4281 Medium 7.7
CVE-2024-4281 Link Library Stored Cross-Site Scripting

Link Library <= 7.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode

CVE-2024-13404 Medium 7.7.3
CVE-2024-13404 Link Library Cross-Site Scripting

Link Library <= 7.7.2 - Reflected Cross-Site Scripting

CVE-2024-38711 Medium 7.7.2
CVE-2024-38711 Link Library Cross-Site Scripting

Link Library <= 7.7.1 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Link Library so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
20 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 2 high severity findings.
Recent CVEs
CVE-2026-40779, CVE-2025-68600 and CVE-2025-46237
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Link Library

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2026-40779
CVE-2026-40779: Link Library <= 7.8.8 - Authenticated (Contributor+) Arbitrary File Deletion

The Link Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 7.8.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary fi...

Published
Apr 22, 2026
Patched Release
7.8.9
Affected Versions
Versions up to 7.8.8
Next Step
Update to 7.8.9 or newer if supported.
Open CVE-2026-40779 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-68600
CVE-2025-68600: Link Library <= 7.8.7 - Authenticated (Contributor+) Server-Side Request Forgery

The Link Library plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.8.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating fro...

Published
Dec 24, 2025
Patched Release
7.8.8
Affected Versions
Versions up to 7.8.7
Next Step
Update to 7.8.8 or newer if supported.
Open CVE-2025-68600 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-46237
CVE-2025-46237: Link Library <= 7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj...

Published
Apr 22, 2025
Patched Release
7.8.1
Affected Versions
Versions up to 7.8
Next Step
Update to 7.8.1 or newer if supported.
Open CVE-2025-46237 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-2889
CVE-2025-2889: Link Library <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with C...

Published
Apr 04, 2025
Patched Release
7.8
Affected Versions
Versions up to 7.7.3
Next Step
Update to 7.8 or newer if supported.
Open CVE-2025-2889 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13404
CVE-2024-13404: Link Library <= 7.7.2 - Reflected Cross-Site Scripting

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

Published
Jan 20, 2025
Patched Release
7.7.3
Affected Versions
Versions up to 7.7.2
Next Step
Update to 7.7.3 or newer if supported.
Open CVE-2024-13404 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-38711
CVE-2024-38711: Link Library <= 7.7.1 - Reflected Cross-Site Scripting

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

Published
Jul 11, 2024
Patched Release
7.7.2
Affected Versions
Versions up to 7.7.1
Next Step
Update to 7.7.2 or newer if supported.
Open CVE-2024-38711 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-35687
CVE-2024-35687: Link Library <= 7.6.3 - Reflected Cross-Site Scripting

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 7.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pa...

Published
Jun 06, 2024
Patched Release
7.6.4
Affected Versions
Versions up to 7.6.3
Next Step
Update to 7.6.4 or newer if supported.
Open CVE-2024-35687 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4281
CVE-2024-4281: Link Library <= 7.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

Published
May 07, 2024
Patched Release
7.7
Affected Versions
Versions up to 7.6.11
Next Step
Update to 7.7 or newer if supported.
Open CVE-2024-4281 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-29123
CVE-2024-29123: Link Library <= 7.6 - Reflected Cross-Site Scripting

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

Published
Mar 16, 2024
Patched Release
7.6.1
Affected Versions
Versions up to 7.6
Next Step
Update to 7.6.1 or newer if supported.
Open CVE-2024-29123 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2325
CVE-2024-2325: Link Library <= 7.6.6 - Reflected Cross-Site Scripting

The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Published
Mar 13, 2024
Patched Release
7.6.7
Affected Versions
Versions up to 7.6.6
Next Step
Update to 7.6.7 or newer if supported.
Open CVE-2024-2325 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-1559
CVE-2024-1559: Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

Published
Feb 19, 2024
Patched Release
7.6.1
Affected Versions
Versions up to 7.6
Next Step
Update to 7.6.1 or newer if supported.
Open CVE-2024-1559 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-24875
CVE-2024-24875: Link Library <= 7.5.13 - Cross-Site Request Forgery via action_admin_init

The Link Library plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5.13. This is due to missing or incorrect nonce validation on the action_admin_init() function. This makes it possible for unauthenticated attackers to dismissing...

Published
Feb 05, 2024
Patched Release
7.6
Affected Versions
Versions up to 7.5.13
Next Step
Update to 7.6 or newer if supported.
Open CVE-2024-24875 Report Open CVE Reference