Arbitrary File Deletion Vulnerability in Link Library Plugin for WordPress
CVE-2026-40779

7.7HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
15 June 2026

What is CVE-2026-40779?

The Link Library Plugin for WordPress, up to version 7.8.8, suffers from an arbitrary file deletion vulnerability. This issue allows authenticated users to delete arbitrary files on the server, potentially compromising the website's integrity and security. Proper validation and sanitization measures are crucial to mitigate this risk.

Affected Version(s)

Link Library <= 7.8.8

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
.