GHSA-8xmc-m5c8-64g5MediumCVSS 5.4

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a...

Published
June 11, 2026
Last Modified
June 11, 2026

🔗 CVE IDs covered (1)

📋 Description

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.

🔗 References (4)