GHSA-8xmc-m5c8-64g5MediumCVSS 5.4
Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a...
🔗 CVE IDs covered (1)
📋 Description
Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.