GHSA-w47h-mhf5-ch25MediumCVSS 5.4

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes...

Published
June 11, 2026
Last Modified
June 11, 2026

🔗 CVE IDs covered (1)

📋 Description

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.

🔗 References (4)