CVE-2025-48297: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress plugin Simple Link Directory versions prior to 14.8.1. The vulnerability was identified and disclosed on July 16, 2025, by security researcher João Pedro Soares de Alcântara. This security flaw is tracked as CVE-2025-48297 and affects the Simple Link Directory plugin's web page generation functionality (Patchstack, Wordfence).

The vulnerability stems from improper neutralization of input during web page generation, allowing for Reflected Cross-Site Scripting attacks. The issue has been assigned a CVSS score of 7.1 (Medium severity), indicating a moderate level of risk. The vulnerability can be exploited without authentication, making it particularly concerning for affected installations (Patchstack).

If exploited, this vulnerability could allow malicious actors to inject harmful scripts, including redirects and unwanted advertisements, into the affected website. These malicious payloads would be executed when visitors access the compromised site, potentially leading to various security issues (Patchstack).

The vulnerability has been patched in version 14.8.1 of the Simple Link Directory plugin. Website administrators are strongly advised to update to this version or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).