PHP Link Directory
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7209 | Med | 0.42 | 6.4 | 0.00 | May 2, 2026 | The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes… | ||
| CVE-2024-12417 | Med | 0.35 | 6.5 | 0.00 | Dec 13, 2024 | The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode.… | ||
| CVE-2011-0643 | 0.03 | — | 0.01 | Jan 25, 2011 | Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action. | |||
| CVE-2008-6851 | 0.03 | — | 0.01 | Jul 7, 2009 | SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||
| CVE-2007-0529 | 0.00 | — | 0.01 | Jan 26, 2007 | Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate… |
- risk 0.42cvss 6.4epss 0.00
The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes…
- risk 0.35cvss 6.5epss 0.00
The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode.…
- CVE-2011-0643Jan 25, 2011risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in admin/conf_users_edit.php in PHP Link Directory (phpLD) 4.1.0 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action.
- CVE-2008-6851Jul 7, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter.
- CVE-2007-0529Jan 26, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate…