GHSA-w47h-mhf5-ch25MediumCVSS 5.4
Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes...
🔗 CVE IDs covered (1)
📋 Description
Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.