WP-Safety

Simple Link Directory Security & Risk Analysis

wordpress.org/plugins/simple-link-directory

Free LINK DIRECTORY Plugin for WordPress to Curate Links for Web Directory. Link management, Directory Listings, Link Archive, Vendor Directory

2K active installs v8.8.6 PHP 7.4+ WP 4.6+ Updated Feb 6, 2026
directorydirectory-listinglink-directorylink-managementweb-directory
86
A · Safe
CVEs total6
Unpatched0
Last CVEDec 15, 2025
Plugin page Download
Safety Verdict

Is Simple Link Directory Safe to Use in 2026?

Generally Safe

Score 86/100

Simple Link Directory has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: Dec 15, 2025Updated 1mo ago
Risk Assessment

The plugin 'simple-link-directory' v8.8.7 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of SQL prepared statements and properly escaped output, there are significant concerns that temper its overall safety.

The static analysis reveals an attack surface of 14 entry points, with one AJAX handler notably lacking authentication checks. This unsupervised entry point is a direct pathway for potential exploitation. Furthermore, the taint analysis identified one high-severity flow with unsanitized paths, suggesting a potential for code injection or similar vulnerabilities that could compromise the application.

The plugin's vulnerability history is a major red flag. With 6 known CVEs, including one critical and one high severity, even though none are currently unpatched, the pattern of past vulnerabilities points to recurring security weaknesses. The types of past vulnerabilities (CSRF, Missing Authorization, Code Injection, SQL Injection, XSS, Deserialization) indicate a history of mishandling user input and authorization. While the plugin has a recent vulnerability date of 2025-12-15, this could indicate ongoing research or that the data is from a future perspective. The overall picture is one of a plugin that has had significant security issues in the past, and while current analysis shows some improvements, the history warrants caution. The presence of the unauthenticated AJAX handler and the high-severity taint flow are immediate risks that need addressing.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized path taint flow
  • History of critical vulnerabilities
  • History of high severity vulnerabilities
Vulnerabilities
6

Simple Link Directory Security Vulnerabilities

CVEs by Year

1 CVE in 2018
2018
1 CVE in 2019
2019
1 CVE in 2022
2022
1 CVE in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
4

6 total CVEs

CVE-2025-67465medium · 4.3Cross-Site Request Forgery (CSRF)

Simple Link Directory <= 8.8.3 - Cross-Site Request Forgery

Dec 15, 2025 Patched in 8.8.4 (6d)
CVE-2025-67576medium · 5.3Missing Authorization

Simple Link Directory <= 8.8.3 - Missing Authorization

Dec 15, 2025 Patched in 8.8.4 (6d)
CVE-2024-12417medium · 6.5Improper Control of Generation of Code ('Code Injection')

Simple Link Directory <= 8.4.5 - Unauthenticated Arbitrary Shortcode Execution

Dec 12, 2024 Patched in 8.4.6 (50d)
CVE-2022-0760critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Simple Link Directory <= 7.7.1 - Unauthenticated SQL Injection

Feb 28, 2022 Patched in 7.7.2 (694d)
CVE-2019-13463medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Link Directory < 7.3.5 - Reflected Cross-Site Scripting

Jul 9, 2019 Patched in 7.3.5 (1659d)
WF-bd302d8e-bba1-4fa1-bcbc-591d894ca1d6-simple-link-directoryhigh · 8.8Deserialization of Untrusted Data

Simple Link Directory <= 5.6.0 - PHP Object Injection

Nov 12, 2018 Patched in 5.7.0 (1898d)
Code Analysis
Analyzed Mar 16, 2026

Simple Link Directory Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
16 prepared
Unescaped Output
86
1216 escaped
Nonce Checks
14
Capability Checks
41
File Operations
6
External Requests
0
Bundled Libraries
2

Bundled Libraries

TinyMCEjQuery

SQL Query Safety

80% prepared20 total queries

Output Escaping

93% escaped1302 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

12 flows2 with unsanitized paths
goodbye_form_callback (class-plugin-deactivate-feedback.php:402)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Simple Link Directory Attack Surface

Entry Points14
Unprotected1

AJAX Handlers 13

authwp_ajax_goodbye_formclass-plugin-deactivate-feedback.php:62
authwp_ajax_cmb_request_imageinc\cmb\classes.fields.php:645
authwp_ajax_cmb_post_selectinc\cmb\classes.fields.php:1427
authwp_ajax_qcopd_upvote_actionqc-opd-ajax-stuffs.php:140
noprivwp_ajax_qcopd_upvote_actionqc-opd-ajax-stuffs.php:141
authwp_ajax_qcld_sld_import_csv_from_folderqc-sld-import-demo-data.php:433
noprivwp_ajax_qcld_sld_import_csv_from_folderqc-sld-import-demo-data.php:434
authwp_ajax_qc_sld_process_qc_promo_formqc-support-promo-page\class-qc-support-promo-page.php:118
authwp_ajax_qcld_recommend_support_function_first_sld_ajaxqc-support-promo-page\qc-clr-recommendbot-support-plugin.php:6
authwp_ajax_qcld_recommend_support_function_second_sld_ajaxqc-support-promo-page\qc-clr-recommendbot-support-plugin.php:352
authwp_ajax_qcld_recommend_support_function_third_sld_ajaxqc-support-promo-page\qc-clr-recommendbot-support-plugin.php:699
authwp_ajax_qcld_recommend_support_function_four_sld_ajaxqc-support-promo-page\qc-clr-recommendbot-support-plugin.php:1078
authwp_ajax_show_qcsld_shortcodesqcopd-shortcode-generator.php:271

Shortcodes 1

[qcopd-directory] qc-op-directory-shortcodes.php:57
WordPress Hooks 62
actionadmin_footer-plugins.phpclass-plugin-deactivate-feedback.php:61
filterwp_mail_content_typeclass-plugin-deactivate-feedback.php:97
actionplugin_row_metaclass-qc-free-plugin-upgrade-notice.php:112
actionadmin_menuclass-qc-free-plugin-upgrade-notice.php:154
actionwp_enqueue_scriptsembed\embedder.php:7
filtertemplate_includeembed\embedder.php:28
actioninitembed\embedder.php:34
actionqcsld_attach_embed_btnembed\embedder.php:78
actionwp_footerembed\embedder.php:177
actionenqueue_block_assetsgutenberg\sld-block\src\init.php:33
actionenqueue_block_editor_assetsgutenberg\sld-block\src\init.php:64
actionadd_meta_boxesinc\cmb\class.cmb-meta-box.php:18
actioncmb_init_fieldsinc\cmb\class.cmb-meta-box.php:19
actionadmin_menuinc\cmb\class.cmb-meta-box.php:21
actionsave_postinc\cmb\class.cmb-meta-box.php:22
actionedit_attachmentinc\cmb\class.cmb-meta-box.php:23
actioncmb_save_fieldsinc\cmb\class.cmb-meta-box.php:24
actionadmin_enqueue_scriptsinc\cmb\class.cmb-meta-box.php:26
actionadmin_enqueue_scriptsinc\cmb\class.cmb-meta-box.php:27
actioninitinc\cmb\custom-meta-boxes.php:63
filterqueryinc\cmb\custom-meta-boxes.php:156
actionadmin_menumodules\addons\addons.php:4
actioninitqc-op-directory-assets.php:5
actionwp_enqueue_scriptsqc-op-directory-assets.php:8
actionadmin_enqueue_scriptsqc-op-directory-assets.php:9
actionwp_enqueue_scriptsqc-op-directory-assets.php:10
actionadmin_menuqc-op-directory-import.php:9
actioninitqc-op-directory-main.php:82
actionwp_headqc-op-directory-main.php:85
actionmanage_posts_extra_tablenavqc-op-directory-main.php:113
actionbuypro_promotional_linkqc-op-directory-main.php:133
filtercustom_menu_orderqc-op-directory-main.php:199
actionadmin_menuqc-op-directory-main.php:201
actionadmin_noticesqc-op-directory-main.php:252
actionadmin_menuqc-op-directory-main.php:269
actionadd_meta_boxesqc-op-directory-main.php:281
actionplugins_loadedqc-op-directory-main.php:304
actionactivated_pluginqc-op-directory-main.php:350
actioninitqc-op-directory-main.php:357
filterpost_row_actionsqc-op-directory-main.php:362
filtersld_cat_row_actionsqc-op-directory-main.php:372
actionadmin_menuqc-op-directory-main.php:388
actionadmin_noticesqc-op-directory-main.php:391
actioninitqc-op-directory-post-type.php:70
actioninitqc-op-directory-post-type.php:71
filtercmb_meta_boxesqc-op-directory-post-type.php:140
filtermanage_sld_posts_columnsqc-op-directory-post-type.php:175
actionmanage_sld_posts_custom_columnqc-op-directory-post-type.php:176
actionwp_footerqc-op-directory-shortcodes.php:457
actionadmin_headqc-opd-ajax-stuffs.php:6
actionadmin_initqc-opd-setting-options.php:19
actionadmin_menuqc-opd-setting-options.php:22
actionadmin_initqc-rating-feature\qc-rating-class.php:26
actionadmin_enqueue_scriptsqc-rating-feature\qc-rating-class.php:90
actionadmin_noticesqc-rating-feature\qc-rating-class.php:91
actionadmin_menuqc-support-promo-page\class-qc-support-promo-page.php:32
actionadmin_enqueue_scriptsqc-support-promo-page\class-qc-support-promo-page.php:62
filtermce_external_pluginsqcopd-shortcode-generator.php:8
filtermce_buttonsqcopd-shortcode-generator.php:9
actioninitqcopd-shortcode-generator.php:27
actionadmin_enqueue_scriptsqcopd-shortcode-generator.php:37
actionadmin_footerqcopd-shortcode-generator.php:306
Maintenance & Trust

Simple Link Directory Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 6, 2026
PHP min version7.4
Downloads334K

Community Trust

Rating96/100
Number of ratings120
Active installs2K
Alternatives

Simple Link Directory Alternatives

WP Links Page

WP Links Page

wp-links-page

A
95

This plugin allows you to create a dynamic link gallery with screenshots of each link.

4K 5 CVEs
DirectoryPress Frontend

DirectoryPress Frontend

directorypress-frontend

A
99

This plugin provides frontend listing functionality for [DirectoryPress - Directory Listing Plugin](https://designinvento.

1K 1 CVE
DirectoryPress – Business Directory And Classified Ad Listing

DirectoryPress – Business Directory And Classified Ad Listing

directorypress

B
83

DirectoryPress is most advanced and flexible directory listing plugin with wide range of features, You can build a business directory, classified list &hellip;

900 8 CVEs
aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory

adirectory

A
89

aDirectory is a lightweight, scalable, fast WordPress directory plugin for building any type of directories, classifieds, and job boards websites.

500 4 CVEs
Disable Directory Listings

Disable Directory Listings

disable-directory-listings

A
85

Prevent virtual directory listing services from listing the contents of directories, and/or show a page in place of a directory's listing.

100 No CVEs
Developer Profile

Simple Link Directory Developer Profile

QuantumCloud

29 plugins · 26K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
255 days
View full developer profile
Detection Fingerprints

How We Detect Simple Link Directory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-link-directory/assets/css/sld-admin-style.css/wp-content/plugins/simple-link-directory/assets/css/sld-frontend.css/wp-content/plugins/simple-link-directory/assets/js/sld-frontend-script.js/wp-content/plugins/simple-link-directory/assets/js/slick.min.js/wp-content/plugins/simple-link-directory/assets/js/jqc-slick.min.js/wp-content/plugins/simple-link-directory/embed/js/embedder.js
Script Paths
/wp-content/plugins/simple-link-directory/assets/js/sld-frontend-script.js/wp-content/plugins/simple-link-directory/assets/js/slick.min.js/wp-content/plugins/simple-link-directory/assets/js/jqc-slick.min.js/wp-content/plugins/simple-link-directory/embed/js/embedder.js
Version Parameters
simple-link-directory/assets/css/sld-admin-style.css?ver=simple-link-directory/assets/css/sld-frontend.css?ver=simple-link-directory/assets/js/sld-frontend-script.js?ver=simple-link-directory/assets/js/slick.min.js?ver=simple-link-directory/assets/js/jqc-slick.min.js?ver=simple-link-directory/embed/js/embedder.js?ver=

HTML / DOM Fingerprints

CSS Classes
qcsld-promo-linksld-noticesld_info_carouselsld_info_item
HTML Comments
/*01-27-2026*//*05-31-2017*//*05-31-2017 - Ends*//* Option page */+1 more
Data Attributes
data-post_type="sld"
JS Globals
QCOPD_URLQCOPD_IMG_URLQCOPD_ASSETS_URLQCOPD_DIRQCOPD_INC_DIROCOPD_TPL_URL+2 more
Shortcode Output
<a href="https://www.quantumcloud.com/products/simple-link-directory/" target="_blank" class="button qcsld-promo-link">Upgrade to Pro</a><a href="" class="button">Add New List of Links</a>**SLD Pro Tip: Did you know that you can
FAQ

Frequently Asked Questions about Simple Link Directory