CVE-2026-53741

MEDIUM WAF: High

CVSS 5.4 Published: 2026-06-10

CWE-79

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

References

wordpress.org
www.vulncheck.com

Back to CVE Database