cleantalk
Vulnerabilities and Security Researches

Simple Link Directory, CVE-2026-53742

CVE, Research URL

CVE-2026-53742

Home page URL

Security reports for Simple Link Directory

Application

Simple Link Directory

Published on
Jun 11, 2026
Research Description
Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.
Affected versions
max 9.0.4.
Status
vulnerable
Previous vulnerability researches
Delete Duplicate Posts (CVE-2023-47754) , Jun 07, 2024
Delete Duplicate Posts (167bca9447242c797f094adbfdc57a724b3dce50) , Jun 07, 2024
Delete Duplicate Posts (CVE-2022-4974) , Nov 15, 2024
New vulnerability
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-49764) , Jun 12, 2026
Upsell Order Bump Offer for WooCommerce – Increase Sales and AOV, Upsell & Cross-sell Offers on Checkout Page (CVE-2026-49110) , Jun 12, 2026
Simple Link Directory (CVE-2026-53742) , Jun 12, 2026
Simple Link Directory (CVE-2026-53741) , Jun 12, 2026
Newsletters (CVE-2026-3018) , Jun 12, 2026