CVE-2026-53742

MEDIUM WAF: High

CVSS 5.4 Published: 2026-06-10

CWE-79

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

References

wordpress.org
www.vulncheck.com

Back to CVE Database