CVE-2019-13463

Name of the Vulnerable Software and Affected Versions: Simple Link Directory plugin versions prior to 7.3.5

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This is because the esc html function is not called for the echo get the title() or echo $term->name statements in the qcopd-shortcode-generator.php file.

Recommendations: For versions prior to 7.3.5, update to version 7.3.5 or later to resolve the issue. As a temporary workaround, consider modifying the qcopd-shortcode-generator.php file to call esc html for the echo get the title() and echo $term->name statements to prevent code injection.