Medium CVE-2026-53741 Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor. CVSS: 5.4 ·...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[Medium] CVE-2026-53741 – Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option...

VERWANDTEARTIKEL

CVE-2026-42908

CVE-2026-45639

[High] CVE-2026-53738 – Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke ...

[Medium] CVE-2026-53739 – Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerabi...

[Medium] CVE-2026-53740 – Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink i...

[Medium] CVE-2026-53742 – Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML ...