Impact
The vulnerability in WordPress Link Library allows a user to delete any file on the server that the WordPress process can access. This can erase critical site files, compromise website integrity, and potentially allow an attacker to remove logs or backup data, leading to loss of data and service disruption.
Affected Systems
The flaw affects the WordPress Link Library plugin, versions 7.8.8 and earlier, developed by Yannick Lefebvre. Users of these versions should update to 7.8.9 or later.
Risk and Exploitability
The CVSS score of 7.7 indicates a high severity risk. The EPSS score of < 1% suggests a relatively low likelihood of contemporary exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely through the WordPress administrative interface, where an authenticated user with plugin management privileges could trigger the deletion. This inference is based on the plugin’s role and the typical workflow for content management within WordPress.
OpenCVE Enrichment