3 matches found
CVE-2026-7209
The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...
EUVD-2026-26729
The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...
PT-2026-36561
Name of the Vulnerable Software and Affected Versions Simple Link Directory versions prior to 8.9.3 Description The Simple Link Directory plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with contributor-level access or higher can inject arbitrary web...