smub — Vulnerabilities & Security Advisories 84

Browse all 84 CVE security advisories affecting smub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Smub operates as a software development and IT services provider, primarily focusing on enterprise application development and digital transformation solutions. With seventy-five recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically exhibited significant security deficiencies. Analysis of these vulnerabilities reveals a recurring pattern of critical flaws, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, which often stem from inadequate input validation and insufficient access controls. Privilege escalation issues further compound these risks, allowing unauthorized users to gain elevated system permissions. While specific major public incidents remain largely undocumented in open-source intelligence, the high volume of CVEs indicates systemic weaknesses in the development lifecycle. These persistent security gaps suggest that Smub’s infrastructure requires rigorous auditing and immediate remediation to prevent potential exploitation by malicious actors seeking to compromise sensitive enterprise data.

Top products by smub:

- Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
- WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
- Sydney Toolbox
- ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
- Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- aThemes Addons for Elementor
- UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
- Custom Twitter Feeds – A Tweets Widget or X Feed Widget
- Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Feeds for YouTube (YouTube video, channel, and gallery plugin)
- WP Mail Logging
- Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
- Contact Form & SMTP Plugin for WordPress by PirateForms
- Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
- WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager
- Slider by Soliloquy – Responsive Image Slider for WordPress
- Smash Balloon Social Post Feed – Simple Social Feeds for WordPress
- PDF Embedder
- Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
- Transients Manager
- aThemes Starter Sites
- WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
- Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
- WP Lightbox 2
- Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

| CVE ID | Title — Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-3073 | Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI — Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | CWE-257 | 2.7 | Low | 2024-06-13 |
| CVE-2024-4045 | Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation | CWE-79 | 6.4 | Medium | 2024-05-25 |
| CVE-2024-4473 | Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget — Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-05-14 |
| CVE-2024-4036 | Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting — Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3649 | Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation — WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-472 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-3554 | All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3208 | Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery — Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-3097 | WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure — Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | CWE-862 | 5.3 | Medium | 2024-04-09 |
| CVE-2024-2302 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-532 | 5.3 | Medium | 2024-04-09 |
| CVE-2024-2936 | Sydney Toolbox <= 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id — Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-03-29 |
| CVE-2024-1935 | Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting — Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | CWE-79 | 7.2 | High | 2024-03-13 |
| CVE-2024-0903 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 - Unauthenticated Stored Cross-Site Scripting — UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | CWE-79 | 5.4 | Medium | 2024-02-22 |
| CVE-2024-0379 | Custom Twitter Feeds – A Tweets Widget or X Feed Widget <= 2.2.1 - Cross-Site Request Forgery to Plugin Options Update — Custom Twitter Feeds – A Tweets Widget or X Feed Widget | CWE-352 | 4.3 | Medium | 2024-02-20 |
| CVE-2024-1447 | Sydney Toolbox <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting — Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-02-20 |
| CVE-2024-0659 | Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 5.5 | Medium | 2024-02-05 |
| CVE-2023-6742 | Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images — Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | CWE-862 | 4.3 | Medium | 2024-01-11 |
| CVE-2023-5049 | Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | CWE-79 | 6.4 | Medium | 2023-10-30 |
| CVE-2023-4841 | Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Feeds for YouTube (YouTube video, channel, and gallery plugin) | CWE-79 | 6.4 | Medium | 2023-09-14 |
| CVE-2023-4404 | Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation — Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-269 | 9.8 | Critical | 2023-08-23 |
| CVE-2023-3081 | WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email — WP Mail Logging | CWE-79 | 7.2 | High | 2023-07-12 |
| CVE-2019-25145 | Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection — Contact Form & SMTP Plugin for WordPress by PirateForms | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2019-25141 | Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update — Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | CWE-862 | 9.8 | Critical | 2023-06-07 |
| CVE-2023-0586 | All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 6.4 | Medium | 2023-02-24 |
| CVE-2023-0585 | All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 4.4 | Medium | 2023-02-24 |

This page lists every published CVE security advisory associated with smub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.