What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.
Explanation of Vulnerability in Simple Terms
02Summary
Simple Business Directory Pro versions 15.6.9 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, and disrupt service. The vulnerability requires no user interaction and can be exploited remotely over the network. All installations of affected versions should be updated immediately.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify or delete content, and disrupt the site without authentication.
Potential impact on your site
04Site Impact
Attackers can steal data, deface your directory, or take the site offline without needing a user account.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
May 23, 2025
CVE published
May 12, 2026
Record updated