CVE-2026-53742

MEDIUM NVD

CVSS Score 5.4

Severity MEDIUM

Published Jun 10, 2026

Vendor unknown

Description

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.

References

https://wordpress.org/plugins/simple-link-directory/
https://www.vulncheck.com/advisories/simple-link-directory-through-stored-xss-via-embed-shortcode-attributes