CVE-2026-53742 is a Medium severity vulnerability (CVSS Score: 5.1) in the Simple Link Directory plugin through version 9.0.4 for WordPress. The plugin echoes embed shortcode attributes into HTML data attributes without proper escaping in the embedder template. This allows attackers with contributor access to craft a shortcode attribute that injects an event handler executing in a viewer's browser, enabli [truncated]
CVE-2026-53741 is a stored cross-site scripting (XSS) vulnerability in the Simple Link Directory plugin through version 9.0.4. The vulnerability occurs because the plugin interpolates the sld_no_results_found option into a JavaScript string literal without proper encoding. Specifically, the sanitize_text_field function leaves quotes intact, allowing a stored payload to break out of the string and execute [truncated]
