CVE-2025-67576 MEDIUM

CVE-2025-67576: WordPress Simple Link Directory plugin <= 8.8.3 - Broken Access Control vulnerability

Vendor Quantumcloud
Product Simple Link Directory
Weakness CWE-862 · Missing authorization
Published December 9, 2025
Last update April 28, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.

Explanation of Vulnerability in Simple Terms

02Summary

Simple Link Directory versions 8.8.3 and earlier fail to properly check user permissions before allowing access to sensitive data. An unauthenticated attacker can read information that should be restricted, such as directory listings or metadata. The vulnerability requires only network access and no user interaction. Update to a version newer than 8.8.3.

What an attacker can do

03Attacker Capabilities

Read restricted directory data and metadata without authentication.

Potential impact on your site

04Site Impact

Sensitive directory information may be exposed to anyone on the internet.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

December 9, 2025 CVE published
April 28, 2026 Record updated