Impact
The vulnerability is a broken access control flaw in the quantumcloud Simple Link Directory WordPress plugin that allows unauthorized users to perform actions that are normally restricted. This capability is inferred from the description, because the notice does not list the specific actions. The weakness is classified as CWE‑862, indicating a failure to enforce appropriate privileges on users, which creates potential integrity and confidentiality risks for site content managed by the plugin.
Affected Systems
All releases of the Simple Link Directory plugin older than 14.8.1 are affected. The plugin is a WordPress extension that manages external links, so any site that has not upgraded to the fixed version is at risk.
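To check an installation against the 14.8.1 boundary, the following added example (not part of the advisory or the plugin's own code) reads the standard WordPress plugin header and compares versions numerically. It assumes the plugin's "Plugin Name:" header contains "Simple Link Directory"; the sample headers are constructed for illustration.

```python
import re

FIXED = (14, 8, 1)              # first fixed release, per the advisory
NAME = "simple link directory"  # assumption: appears in the "Plugin Name:" header

# WordPress reads "Field: value" pairs from the comment block at the top
# of a plugin's main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$",
                    re.I | re.M)


def parse_header(php_source):
    """Return the 'plugin name' and 'version' header fields that are present."""
    fields = {}
    # WordPress itself only scans the first 8 KB of the file for headers.
    for key, value in HEADER.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields


def version_tuple(text):
    """Numeric key from the leading digits of each dotted part: '14.8' -> (14, 8, 0)."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple((parts + [0, 0, 0])[:3])


def status(php_source):
    """Classify a plugin main file: 'not-target', 'unknown', 'affected' or 'fixed'."""
    fields = parse_header(php_source)
    if NAME not in fields.get("plugin name", "").lower():
        return "not-target"
    if "version" not in fields:
        return "unknown"
    # Tuple comparison avoids the string-compare trap where "14.10.0" < "14.8.1".
    return "affected" if version_tuple(fields["version"]) < FIXED else "fixed"


# Constructed sample headers, not copied from the real plugin.
SAMPLES = {
    "old": "<?php\n/**\n * Plugin Name: Simple Link Directory\n * Version: 14.8\n */\n",
    "new": "<?php\n/*\nPlugin Name: Simple Link Directory\nVersion: 14.10.0\n*/\n",
    "other": "<?php\n/*\nPlugin Name: Some Other Plugin\nVersion: 1.0\n*/\n",
    "no_version": "<?php\n/*\nPlugin Name: Simple Link Directory\n*/\n",
}
```

Feed `status()` the contents of each plugin's main PHP file; an "unknown" result means the header carried no version and the install needs a manual check.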
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests the probability of exploitation is currently low. The issue is not listed in the CISA KEV catalog. Attackers could exploit the flaw by sending crafted HTTP requests to the plugin’s endpoints, taking advantage of the misconfigured access controls to gain unauthorized privileges and manipulate link data; this method is inferred, because the description does not detail the exploitation steps. The risk remains moderate, but failure to remediate could cause site owners to lose control over linked resources.