cbcvebase.

Quantumcloud Simple Link Directory vulnerabilities

12 known vulnerabilities affecting quantumcloud/simple_link_directory.

Total CVEs
12
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH2MEDIUM8

Vulnerabilities

Page 1 of 1
CVE-2022-0760P1CRITICALCVSS 9.8ExploitedPoCfixed in 7.7.22022-03-21
CVE-2022-0760 [CRITICAL] CWE-89 CVE-2022-0760: The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id par The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
nvd
CVE-2025-49901P2CRITICALCVSS 9.8≤ 14.8.12025-10-22
CVE-2025-49901 [CRITICAL] CWE-288 CVE-2025-49901: Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link D Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.
nvd
CVE-2025-32297P3HIGHCVSS 8.5≤ 14.8.12025-07-04
CVE-2025-32297 [HIGH] CWE-89 CVE-2025-32297: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through < 14.8.1.
nvd
CVE-2024-12417P3MEDIUMCVSS 6.5≤ 8.4.52024-12-13
CVE-2024-12417 [MEDIUM] CWE-94 CVE-2024-12417: The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary sh
nvd
CVE-2026-7209P4MEDIUMCVSS 6.4≤ 8.9.22026-05-02
CVE-2026-7209 [MEDIUM] CWE-79 CVE-2026-7209: The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as `title_font_size`. This makes it possible for authenticated attackers,
nvd
CVE-2025-67576P4MEDIUMCVSS 5.3≤ 8.8.32025-12-09
CVE-2025-67576 [MEDIUM] CWE-862 CVE-2025-67576: Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allo Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
nvd
CVE-2025-32296P4MEDIUMCVSS 5.3≤ 14.8.12025-05-16
CVE-2025-32296 [MEDIUM] CWE-862 CVE-2025-32296: Missing Authorization vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory a Missing Authorization vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through < 14.8.1.
nvd
CVE-2025-48297P4HIGHCVSS 7.1≤ 14.8.12025-08-20
CVE-2025-48297 [HIGH] CWE-79 CVE-2025-48297: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: from n/a through < 14.8.1.
nvd
CVE-2026-53741P4MEDIUMCVSS 5.4≤ 9.0.42026-06-10
CVE-2026-53741 [MEDIUM] CWE-79 CVE-2026-53741: Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript s Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.
nvd
CVE-2026-53742P4MEDIUMCVSS 5.4≤ 9.0.42026-06-10
CVE-2026-53742 [MEDIUM] CWE-79 CVE-2026-53742: Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes with Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.
nvd
CVE-2019-13463P4MEDIUMCVSS 6.1fixed in 7.3.52020-03-20
CVE-2019-13463 [MEDIUM] CWE-79 CVE-2019-13463: An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3 An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.
nvd
CVE-2025-67465P4MEDIUMCVSS 4.3≤ 8.8.32025-12-09
CVE-2025-67465 [MEDIUM] CWE-352 CVE-2025-67465: Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-di Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
nvd
Quantumcloud Simple Link Directory vulnerabilities | cvebase