
smub — Vulnerabilities & Security Advisories 75

Browse all 75 CVE security advisories affecting smub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products smub:

- Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
- All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Sydney Toolbox
- ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
- Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
- Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- aThemes Addons for Elementor
- UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
- Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Custom Twitter Feeds – A Tweets Widget or X Feed Widget
- Feeds for YouTube (YouTube video, channel, and gallery plugin)
- WP Mail Logging
- Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
- Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
- Contact Form & SMTP Plugin for WordPress by PirateForms
- Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation
- WP Lightbox 2
- Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
- WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
- aThemes Starter Sites
- Transients Manager
- Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
- Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CWE-862 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CWE-862 | 7.2 | High | 2026-04-23 |
| CVE-2026-3177 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-345 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-1463 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | CWE-98 | 8.8 | High | 2026-03-18 |
| CVE-2026-1992 | ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CWE-639 | 8.8 | High | 2026-03-11 |
| CVE-2026-1993 | ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CWE-269 | 8.8 | High | 2026-03-11 |
| CVE-2026-1236 | Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | CWE-79 | 6.4 | Medium | 2026-03-04 |
| CVE-2026-2471 | WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field | WP Mail Logging | CWE-502 | 7.5 | High | 2026-02-28 |
| CVE-2025-14384 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-862 | 4.3 | Medium | 2026-01-16 |
| CVE-2025-14783 | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-640 | 4.3 | Medium | 2025-12-31 |
| CVE-2025-13641 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template' | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | CWE-98 | 8.8 | High | 2025-12-18 |
| CVE-2025-12484 | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | CWE-79 | 7.2 | High | 2025-11-19 |
| CVE-2025-12847 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-862 | 4.3 | Medium | 2025-11-15 |
| CVE-2025-12377 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | CWE-862 | 4.3 | Medium | 2025-11-13 |
| CVE-2025-11448 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | CWE-862 | 4.3 | Medium | 2025-11-08 |
| CVE-2025-12837 | aThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget | aThemes Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-11-08 |
| CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-807 | 5.3 | Medium | 2025-11-06 |
| CVE-2025-11893 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-89 | 6.5 | Medium | 2025-10-25 |
| CVE-2025-10694 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | CWE-862 | 5.3 | Medium | 2025-10-25 |
| CVE-2025-8149 | aThemes Addons for Elementor Lite <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | aThemes Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-09-06 |
| CVE-2025-8102 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-352 | 5.4 | Medium | 2025-08-20 |
| CVE-2025-5275 | Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-79 | 4.4 | Medium | 2025-06-26 |
| CVE-2025-4577 | Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute | Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | CWE-79 | 6.4 | Medium | 2025-06-10 |
| CVE-2025-4670 | Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 6.4 | Medium | 2025-05-29 |
| CVE-2025-2892 | All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 6.4 | Medium | 2025-05-19 |
| CVE-2025-3794 | WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-79 | 5.4 | Medium | 2025-05-09 |
| CVE-2025-2252 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-200 | 5.3 | Medium | 2025-03-25 |
| CVE-2025-1314 | Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function | Custom Twitter Feeds – A Tweets Widget or X Feed Widget | CWE-352 | 4.3 | Medium | 2025-03-20 |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-79 | 6.4 | Medium | 2025-02-04 |
| CVE-2024-13547 | aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | aThemes Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-02-01 |

This page lists every published CVE security advisory associated with smub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.