Description
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
Published: 2025-12-09
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WordPress Simple Link Directory plugin contains a missing authorization issue that allows attackers to exploit incorrectly configured access control security levels. By bypassing the intended permission checks, an attacker could potentially perform actions that should be restricted to privileged users, such as modifying plugin settings or accessing sensitive data. The weakness corresponds to CWE-862 (Missing Authorization).

Affected Systems

The vulnerability affects the QuantumCloud Simple Link Directory plugin in all releases up to and including version 8.8.3. Users running any of these versions on a WordPress site are potentially exposed.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate impact, and the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, implying it has not yet been observed as a known exploited vulnerability. Based on the description, the likely attack vector is an attacker manipulating URLs or gaining direct access to the WordPress administration interface where proper authorization checks are missing. The low EPSS score indicates that active exploitation is unlikely at this time.

Generated by OpenCVE AI on April 29, 2026 at 12:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Simple Link Directory plugin to a version newer than 8.8.3.
  • Verify that WordPress role and capability settings restrict administrative actions for non-privileged users.
  • Reduce the exposure by disabling or removing the plugin if it is not required for site functionality.

Generated by OpenCVE AI on April 29, 2026 at 12:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Wed, 10 Dec 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Quantumcloud
Quantumcloud simple Link Directory
Wordpress
Wordpress wordpress
Vendors & Products Quantumcloud
Quantumcloud simple Link Directory
Wordpress
Wordpress wordpress

Tue, 09 Dec 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Dec 2025 14:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
Title WordPress Simple Link Directory plugin <= 8.8.3 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Quantumcloud Simple Link Directory
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T19:24:18.251Z

Reserved: 2025-12-09T12:21:34.120Z

Link: CVE-2025-67576

cve-icon Vulnrichment

Updated: 2025-12-09T15:07:15.592Z

cve-icon NVD

Status : Deferred

Published: 2025-12-09T16:18:34.900

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-67576

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T12:30:10Z

Weaknesses