Quantumcloud

Simple Link Directory

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-53742

  • EPSS 0.14%
  • Veröffentlicht 10.06.2026 20:39:46
  • Zuletzt bearbeitet 11.06.2026 15:22:26

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a ...

5.4

CVE-2026-53741

  • EPSS 0.14%
  • Veröffentlicht 10.06.2026 20:39:45
  • Zuletzt bearbeitet 11.06.2026 15:22:26

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every ...

6.4

CVE-2026-7209

  • EPSS 0.2%
  • Veröffentlicht 02.05.2026 03:36:43
  • Zuletzt bearbeitet 05.05.2026 19:17:22

The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping o...

5.3

CVE-2025-67576

  • EPSS 0.23%
  • Veröffentlicht 09.12.2025 14:14:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.

4.3

CVE-2025-67465

  • EPSS 0.11%
  • Veröffentlicht 09.12.2025 14:13:55
  • Zuletzt bearbeitet 27.04.2026 18:16:39

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.

9.8

CVE-2025-49901

  • EPSS 0.7%
  • Veröffentlicht 22.10.2025 14:32:10
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.

7.1

CVE-2025-48297

  • EPSS 0.22%
  • Veröffentlicht 20.08.2025 08:03:24
  • Zuletzt bearbeitet 23.04.2026 15:31:03

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS.This issue affects Simple Link Directory: from n/a through < 14.8.1...

8.5

CVE-2025-32297

  • EPSS 0.25%
  • Veröffentlicht 04.07.2025 11:18:06
  • Zuletzt bearbeitet 23.04.2026 15:28:55

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through < 14.8.1...

6.5

CVE-2024-12417

  • EPSS 0.47%
  • Veröffentlicht 13.12.2024 09:15:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value bef...

9.8

CVE-2022-0760

Exploit
  • EPSS 10.83%
  • Veröffentlicht 21.03.2022 19:15:11
  • Zuletzt bearbeitet 21.11.2024 06:39:20

The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to a...