Arbitrary File Deletion Vulnerability in Link Library Plugin for WordPress
CVE-2026-40779
7.7HIGH
What is CVE-2026-40779?
The Link Library Plugin for WordPress, up to version 7.8.8, suffers from an arbitrary file deletion vulnerability. This issue allows authenticated users to delete arbitrary files on the server, potentially compromising the website's integrity and security. Proper validation and sanitization measures are crucial to mitigate this risk.
Affected Version(s)
Link Library <= 7.8.8
References
CVSS V3.1
Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program