cleantalk
Vulnerabilities and Security Researches

Simple Link Directory, CVE-2026-53741

CVE, Research URL

CVE-2026-53741

Home page URL

Security reports for Simple Link Directory

Application

Simple Link Directory

Published on
Jun 11, 2026
Research Description
Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.
Affected versions
max 9.0.4.
Status
vulnerable
Previous vulnerability researches
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2026-25385) , Feb 26, 2026
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2024-13362) , May 02, 2026
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2025-32134) , Apr 06, 2025
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2023-5605) , Jun 07, 2024
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2021-24749) , Jun 07, 2024
New vulnerability
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-49764) , Jun 12, 2026
Upsell Order Bump Offer for WooCommerce – Increase Sales and AOV, Upsell & Cross-sell Offers on Checkout Page (CVE-2026-49110) , Jun 12, 2026
Simple Link Directory (CVE-2026-53742) , Jun 12, 2026
Simple Link Directory (CVE-2026-53741) , Jun 12, 2026
Newsletters (CVE-2026-3018) , Jun 12, 2026