Vulnerabilities and security researches forsimple-link-directory simple-link-directory
Direction: descendingJun 12, 2026
Simple Link Directory # CVE-2026-53741
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 11, 2026
- Research Description
- Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.
- Affected versions
-
max 9.0.4.
- Status
-
vulnerable
Simple Link Directory # CVE-2026-53742
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 11, 2026
- Research Description
- Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.
- Affected versions
-
max 9.0.4.
- Status
-
vulnerable
May 04, 2026
Simple Link Directory # CVE-2026-7209
- CVE, Research URL
- Home page URL
- Application
- Date
- May 02, 2026
- Research Description
- The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as `title_font_size`. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 8.9.4.
- Status
-
vulnerable
Jan 10, 2026
Simple Link Directory # CVE-2025-67576
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 09, 2025
- Research Description
- Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
- Affected versions
-
max 8.8.3.
- Status
-
vulnerable
Simple Link Directory # CVE-2025-67465
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 09, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
- Affected versions
-
max 8.8.3.
- Status
-
vulnerable
Dec 15, 2024
Simple Link Directory # CVE-2024-12417
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 13, 2024
- Research Description
- The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Affected versions
-
max 8.4.1.
- Status
-
vulnerable
Jun 07, 2024
Simple Link Directory # CVE-2022-0760
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 22, 2022
- Research Description
- The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
- Affected versions
-
max 5.6.0.
- Status
-
vulnerable
Simple Link Directory # CVE-2019-13463
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 21, 2020
- Research Description
- An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.
- Affected versions
-
max 7.3.5.
- Status
-
vulnerable