High severity8.5NVD Advisory· Published Jul 4, 2025· Updated Apr 23, 2026

CVE-2025-32297

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through < 14.8.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Simple Link Directory plugin for WordPress contains an unauthenticated SQL injection vulnerability allowing attackers to extract database contents.

The Simple Link Directory plugin for WordPress (versions < 14.8.1) contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. The flaw exists in the qc-simple-link-directory plugin, where user-supplied input is not properly sanitized before being used in SQL queries, allowing an attacker to inject malicious SQL commands [1].

References

SQL Injection in WordPress Simple Link Directory Plugin

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Qc Simple Link Directoryinferred
Range: <14.8.1
Package: https://wordpress.org/plugins/qc-simple-link-directory

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/qc-simple-link-directory/vulnerability/wordpress-simple-link-directory-pro-plugin-14-7-3-sql-injection-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.552
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000