cleantalk
Vulnerabilities and Security Researches

Simple Link Directory, CVE-2026-53741

CVE, Research URL

CVE-2026-53741

Home page URL

Security reports for Simple Link Directory

Application

Simple Link Directory

Published on
Jun 11, 2026
Research Description
Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.
Affected versions
max 9.0.4.
Status
vulnerable
Previous vulnerability researches
Duplicate Page and Post (CVE-2025-31466) , Apr 02, 2025
Duplicate Page and Post (CVE-2025-31471) , Apr 02, 2025
New vulnerability
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-49764) , Jun 12, 2026
Upsell Order Bump Offer for WooCommerce – Increase Sales and AOV, Upsell & Cross-sell Offers on Checkout Page (CVE-2026-49110) , Jun 12, 2026
Simple Link Directory (CVE-2026-53742) , Jun 12, 2026
Simple Link Directory (CVE-2026-53741) , Jun 12, 2026
Newsletters (CVE-2026-3018) , Jun 12, 2026