CVE Catalog

CVE-2026-53742

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

Simple Link Directory version 9.0.4 improperly processes shortcode attributes, leading to their reflection in HTML data attributes without proper escaping. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.

Risk Assessment

This vulnerability may lead to XSS attacks, posing a risk of session hijacking and data theft. Organizations should be aware of the potential threats associated with contributor account access.

Recommendation

It is recommended to update to the latest version of Simple Link Directory and review contributor account permissions to minimize the risk of abuse.

Original NVD description (English source)

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS