smub — Vulnerabilities & Security Advisories 75

Browse all 75 CVE security advisories affecting smub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products smub:
- Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
- All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Sydney Toolbox
- ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
- Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
- Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- aThemes Addons for Elementor
- UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
- Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Custom Twitter Feeds – A Tweets Widget or X Feed Widget
- Feeds for YouTube (YouTube video, channel, and gallery plugin)
- WP Mail Logging
- Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
- Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
- Contact Form & SMTP Plugin for WordPress by PirateForms
- Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation
- WP Lightbox 2
- Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
- WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
- aThemes Starter Sites
- Transients Manager
- Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
- Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-13453 | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution | Contact Form & SMTP Plugin for WordPress by PirateForms | CWE-94 | 7.3 | High | 2025-01-30 |
| CVE-2024-13517 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 4.4 | Medium | 2025-01-18 |
| CVE-2024-12875 | Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-73 | 4.9 | Medium | 2024-12-21 |
| CVE-2024-9654 | Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-863 | 3.7 | Low | 2024-12-17 |
| CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-862 | 8.5 | High | 2024-12-10 |
| CVE-2024-10878 | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting | Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | CWE-79 | 6.1 | Medium | 2024-11-26 |
| CVE-2024-10593 | WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-352 | 4.3 | Medium | 2024-11-13 |
| CVE-2024-10876 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-79 | 6.1 | Medium | 2024-11-09 |
| CVE-2024-10045 | Transients Manager <= 2.0.6 - Cross-Site Request Forgery | Transients Manager | CWE-352 | 4.3 | Medium | 2024-10-23 |
| CVE-2022-2439 | Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-502 | 7.2 | High | 2024-09-24 |
| CVE-2024-8791 | Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-639 | 9.8 | Critical | 2024-09-24 |
| CVE-2024-8199 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More | CWE-862 | 4.3 | Medium | 2024-08-27 |
| CVE-2024-8200 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More | CWE-352 | 4.3 | Medium | 2024-08-27 |
| CVE-2024-6692 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 3.3 | Low | 2024-08-10 |
| CVE-2024-6691 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 4.4 | Medium | 2024-08-10 |
| CVE-2024-6897 | aThemes Starter Sites <= 1.0.53 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | aThemes Starter Sites | CWE-79 | 6.4 | Medium | 2024-07-27 |
| CVE-2024-6694 | WP Mail SMTP <= 4.0.1 - Authenticated (Admin+) SMTP Password Exposure | WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | CWE-257 | 2.7 | Low | 2024-07-20 |
| CVE-2024-5902 | UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | CWE-79 | 7.2 | High | 2024-07-12 |
| CVE-2024-6256 | Feeds for YouTube (YouTube video, channel, and gallery plugin) <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | Feeds for YouTube (YouTube video, channel, and gallery plugin) | CWE-79 | 6.4 | Medium | 2024-07-11 |
| CVE-2024-6210 | Duplicator <= 1.5.9 - Full Path Disclosure | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | CWE-200 | 5.3 | Medium | 2024-07-11 |
| CVE-2024-6263 | WP Lightbox 2 <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | WP Lightbox 2 | CWE-79 | 6.4 | Medium | 2024-07-03 |
| CVE-2024-3073 | Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | CWE-257 | 2.7 | Low | 2024-06-13 |
| CVE-2024-4045 | Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation | CWE-79 | 6.4 | Medium | 2024-05-25 |
| CVE-2024-4473 | Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget | Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-05-14 |
| CVE-2024-4036 | Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting | Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3649 | Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-472 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-3554 | All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3208 | Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery | Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-3097 | WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | CWE-862 | 5.3 | Medium | 2024-04-09 |
| CVE-2024-2302 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-532 | 5.3 | Medium | 2024-04-09 |

This page lists every published CVE security advisory associated with smub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.