PatchSiren cyber security CVE debrief
CVE-2026-40779 Yannick Lefebvre CVE debrief
CVE-2026-40779 is a HIGH severity vulnerability in the Link Library WordPress plugin, with a CVSS score of 7.7. The vulnerability allows contributors to delete arbitrary files in versions <= 7.8.8. The CVE was published on 2026-06-15T21:16:50.463Z and last modified on 2026-06-15T21:24:32.790Z.
- Vendor
- Yannick Lefebvre
- Product
- Link Library
- CVSS
- HIGH 7.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the Link Library WordPress plugin, particularly those with contributor roles, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper input validation and file handling in the Link Library plugin. This allows a contributor to delete arbitrary files on the server, potentially leading to data loss and other security issues.
Defensive priority
HIGH
Recommended defensive actions
- Update the Link Library plugin to a version greater than 7.8.8.
- Restrict contributor roles to prevent arbitrary file deletion.
- Monitor server logs for suspicious file deletion activity.
Evidence notes
The vulnerability was reported by Patchstack, as indicated by [ref-4](https://patchstack.com/database/wordpress/plugin/link-library/vulnerability/wordpress-link-library-plugin-7-8-8-arbitrary-file-deletion-vulnerability?_s_id=cve).
Official resources
-
CVE-2026-40779 CVE record
CVE.org
-
CVE-2026-40779 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-40779 was published on 2026-06-15T21:16:50.463Z and last modified on 2026-06-15T21:24:32.790Z.