Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

smackcoders — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting smackcoders. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by smackcoders:WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressExport All Posts, Products, Orders, Refunds & UsersSendGrid for WordPressLead Form Data Collection to CRMWordPress Helpdesk IntegrationWP Import – Ultimate CSV XML Importer for WordPress
CVE IDTitleCVSSSeverityPublished
CVE-2026-1317 WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-89 6.5 Medium2026-02-18
CVE-2025-14627 WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-918 6.4 Medium2026-01-01
CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure — Export All Posts, Products, Orders, Refunds & UsersCWE-352 6.5 Medium2025-12-02
CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-502 7.2 High2025-11-19
CVE-2025-12732 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-200 4.3 Medium2025-11-12
CVE-2025-10057 WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection — WP Import – Ultimate CSV XML Importer for WordPressCWE-94 8.8 High2025-09-17
CVE-2025-10058 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-73 8.1 High2025-09-17
CVE-2025-10040 WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-862 7.7 High2025-09-10
CVE-2025-9990 WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion — WordPress Helpdesk IntegrationCWE-98 8.1 High2025-09-05
CVE-2025-5692 Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions — Lead Form Data Collection to CRMCWE-862 6.3 Medium2025-07-02
CVE-2025-2008 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-434 8.8 High2025-04-01
CVE-2025-2007 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-23 8.1 High2025-04-01
CVE-2025-2332 Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection — Export All Posts, Products, Orders, Refunds & UsersCWE-502 9.8 Critical2025-03-27
CVE-2024-12315 Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory — Export All Posts, Products, Orders, Refunds & UsersCWE-922 7.5 High2025-02-12
CVE-2024-9364 SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion — SendGrid for WordPressCWE-862 4.3 Medium2024-10-18
CVE-2024-43965 WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability — SendGrid for WordPressCWE-89 8.2 High2024-08-29
CVE-2023-2487 WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure — Export All Posts, Products, Orders, Refunds & UsersCWE-200 5.9 Medium2023-12-21
CVE-2023-45066 WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure — Export All Posts, Products, Orders, Refunds & UsersCWE-200 5.9 Medium2023-11-30
CVE-2023-4142 WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-94 8.0 High2023-08-04
CVE-2023-4141 WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-94 8.0 High2023-08-04
CVE-2023-4139 WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-200 7.5 High2023-08-04
CVE-2023-4140 WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPressCWE-269 6.6 Medium2023-08-04

This page lists every published CVE security advisory associated with smackcoders. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.