CVE-2026-53741

MEDIUM 5.4

Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.

CWE	CWE-79
Vendor	quantumcloud
Product	simple link directory
Published	Jun 10, 2026

Stay Ahead of the Next One

Get instant alerts for quantumcloud simple link directory

Be the first to know when new medium vulnerabilities affecting quantumcloud simple link directory are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

quantumcloud / Simple Link Directory

0 ≤ 9.0.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordpress.org: https://wordpress.org/plugins/simple-link-directory/ vulncheck.com: https://www.vulncheck.com/advisories/simple-link-directory-through-stored-xss-via-sld-no-results-found-option

Credits

Scott Moore - VulnCheck