cleantalk
Vulnerabilities and Security Researches

Simple Link Directory, CVE-2026-53742

CVE, Research URL

CVE-2026-53742

Home page URL

Security reports for Simple Link Directory

Application

Simple Link Directory

Published on
Jun 11, 2026
Research Description
Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.
Affected versions
max 9.0.4.
Status
vulnerable
Previous vulnerability researches
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2026-25385) , Feb 26, 2026
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2024-13362) , May 02, 2026
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2025-32134) , Apr 06, 2025
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2023-5605) , Jun 07, 2024
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2021-24749) , Jun 07, 2024
New vulnerability
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-49764) , Jun 12, 2026
Upsell Order Bump Offer for WooCommerce – Increase Sales and AOV, Upsell & Cross-sell Offers on Checkout Page (CVE-2026-49110) , Jun 12, 2026
Simple Link Directory (CVE-2026-53742) , Jun 12, 2026
Simple Link Directory (CVE-2026-53741) , Jun 12, 2026
Newsletters (CVE-2026-3018) , Jun 12, 2026