VYPR

Simple Link Directory

by WordPress

Source repositories

CVEs (12)

  • CVE-2025-49901CriOct 22, 2025
    risk 0.64cvss 9.8epss 0.01

    Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.

  • CVE-2022-0760CriMar 21, 2022
    risk 0.58cvss 9.8epss 0.11

    The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL…

  • CVE-2025-32297HigJul 4, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through < 14.8.1.

  • CVE-2025-48297HigAug 20, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: from n/a through < 14.8.1.

  • CVE-2026-7209MedMay 2, 2026
    risk 0.42cvss 6.4epss 0.00

    The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes…

  • CVE-2019-13463MedMar 20, 2020
    risk 0.40cvss 6.1epss 0.01

    An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.

  • CVE-2026-53742MedJun 10, 2026
    risk 0.35cvss 5.4epss 0.00

    Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.

  • CVE-2026-53741MedJun 10, 2026
    risk 0.35cvss 5.4epss 0.00

    Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.

  • CVE-2024-12417MedDec 13, 2024
    risk 0.35cvss 6.5epss 0.00

    The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode.…

  • CVE-2025-67576MedDec 9, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.

  • CVE-2025-32296MedMay 16, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through < 14.8.1.

  • CVE-2025-67465MedDec 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.