CVE-2024-1559: 
WordPress vulnerability analysis and mitigation

The Link Library plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2024-1559) via the 'll_reciprocal' parameter in all versions up to and including 7.6. The vulnerability was discovered and disclosed in February 2024, affecting all installations of the Link Library WordPress plugin prior to version 7.6.1 (NVD).

The vulnerability stems from insufficient input sanitization and output escaping in the Link Library WordPress plugin. The issue specifically involves the 'll_reciprocal' parameter, which allows for arbitrary web script injection. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Wordfence assigned a slightly higher score of 6.5 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (NVD).

When exploited, this vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising user data or facilitating further attacks (NVD).

Users should update their Link Library plugin to version 7.6.1 or later, which contains the fix for this vulnerability. The patch is available through the WordPress plugin repository (WordPress Plugin).