CVE-2019-13463: 
WordPress vulnerability analysis and mitigation

An XSS vulnerability was discovered in qcopd-shortcode-generator.php in the Simple Link Directory plugin before version 7.3.5 for WordPress. The vulnerability allows remote attackers to inject arbitrary web script or HTML due to insufficient sanitization, specifically because esc_html is not called for the 'echo get_the_title()' or 'echo $term->name' statements (NVD).

The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). It has a CVSS v3.1 Base Score of 6.1 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) and a CVSS v2.0 Base Score of 4.3 MEDIUM (Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) (NVD).

The vulnerability allows remote attackers to inject arbitrary web script or HTML into the application. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's browser (NVD).

Users should upgrade to Simple Link Directory version 7.3.5 or later which contains the fix for this vulnerability. The fix involves properly implementing esc_html for the affected echo statements (WordPress Plugin).