cleantalk
Vulnerabilities and Security Researches

Simple Link Directory, CVE-2024-12417

CVE, Research URL

CVE-2024-12417

Home page URL

Security reports for Simple Link Directory

Application

Simple Link Directory

Published on
Dec 13, 2024
Research Description
The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
max 8.4.1.
Status
vulnerable
Previous vulnerability researches
Simple Link Directory (CVE-2022-0760) , Jun 07, 2024
Simple Link Directory (CVE-2019-13463) , Jun 07, 2024
Simple Link Directory (CVE-2026-7209) , May 04, 2026
Simple Link Directory (CVE-2024-12417) , Dec 15, 2024
Simple Link Directory (CVE-2026-53741) , Jun 12, 2026
New vulnerability
2MB Autocode (CVE-2023-33999) , Jun 12, 2026
Tiered Pricing Table for WooCommerce (CVE-2023-33999) , Jun 12, 2026
CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress (CVE-2023-33999) , Jun 12, 2026
Tag Groups is the Advanced Way to Display Your Taxonomy Terms (CVE-2023-33999) , Jun 12, 2026
Cooked – Recipe Management (CVE-2023-33999) , Jun 12, 2026