What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.
Explanation of Vulnerability in Simple Terms
02Summary
Simple Business Directory Pro versions 15.6.9 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, and disrupt service. The vulnerability requires no user interaction and can be exploited remotely over the network. All installations of affected versions should be updated immediately.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify or delete content, and disrupt the site without needing to log in.
Potential impact on your site
04Site Impact
Your site's data and functionality are fully compromised; attackers can access, modify, or delete any information.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
August 20, 2025
CVE published
April 28, 2026
Record updated