Ylefebvre Link_library
14 CVEs affecting Ylefebvre Link_library. Latest disclosed: 2025-04-22. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-25093 | High | 7.5 | 2022-02-01 | The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary lin… |
CVE-2024-38711 | High | 7.1 | 2024-07-20 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS… |
CVE-2024-35687 | High | 7.1 | 2024-06-08 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows… |
CVE-2024-29123 | High | 7.1 | 2024-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This i… |
CVE-2024-24879 | High | 7.1 | 2024-02-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This i… |
CVE-2025-46237 | Medium | 6.5 | 2025-04-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Stored… |
CVE-2024-1559 | Medium | 6.5 | 2024-02-20 | The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6… |
CVE-2021-25092 | Medium | 6.5 | 2022-02-01 | The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arb… |
CVE-2024-4281 | Medium | 6.4 | 2024-05-08 | The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and includi… |
CVE-2024-13404 | Medium | 6.1 | 2025-01-21 | The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2… |
CVE-2024-2325 | Medium | 6.1 | 2024-04-09 | The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 du… |
CVE-2021-25091 | Medium | 6.1 | 2022-02-01 | The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a… |
CVE-2022-4199 | Medium | 4.8 | 2023-01-16 | The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perfo… |
CVE-2024-24875 | Medium | 4.3 | 2024-02-12 | Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library.This issue affects Link Library: from n/a through 7.5.13. |