WordPress Plugin Vulnerabilities

Simple Link Directory < 7.3.5 - Cross-Site Scripting (XSS)

Description

An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the 'echo get_the_title()' or 'echo $term->name' statement.

Affects Plugins

Plugin icon
simple-link-directory
Fixed in 7.3.5

References

CVE
CVE-2019-13463

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
8b8b97c0-a74c-4067-8ead-46adfe45264a

Timeline

Publicly Published
2019-07-09 (about 6 years ago)
Added
2020-03-21 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-08
Title
Web Stories Widgets For Elementor < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-06-27
Title
HT Mega – Absolute Addons for WPBakery Page Builder < 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-09-30
Title
Depicter Slider < 3.5.0 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2025-10-20
Title
Rocket < 3.20.0.2 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2023-02-15
Title
Archivist - Custom Archive Templates < 1.7.5 - Admin+ Stored XSS