specialk — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting specialk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3876 | Prismatic <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode | Prismatic | CWE-79 | 7.2 | High | 2026-04-16 |
| CVE-2026-4278 | Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute | Simple Download Counter | CWE-79 | 6.4 | Medium | 2026-03-26 |
| CVE-2026-4329 | Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header | Blackhole for Bad Bots | CWE-79 | 7.2 | High | 2026-03-26 |
| CVE-2026-2987 | Simple Ajax Chat <= 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c' | Simple Ajax Chat – Add a Fast, Secure Chat Box | CWE-79 | 6.1 | Medium | 2026-03-12 |
| CVE-2026-2126 | User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter | User Submitted Posts – Enable Users to Submit Posts from the Front End | CWE-863 | 5.3 | Medium | 2026-02-18 |
| CVE-2026-0800 | User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field | User Submitted Posts – Enable Users to Submit Posts from the Front End | CWE-79 | 7.2 | High | 2026-01-24 |
| CVE-2026-0608 | Head Meta Data <= 20251118 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta | Head Meta Data | CWE-79 | 6.4 | Medium | 2026-01-20 |
| CVE-2026-0913 | User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode | User Submitted Posts – Enable Users to Submit Posts from the Front End | CWE-79 | 6.4 | Medium | 2026-01-16 |
| CVE-2025-13677 | Simple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal | Simple Download Counter | CWE-22 | 4.9 | Medium | 2025-12-10 |
| CVE-2025-10745 | Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass | Banhammer – Monitor Site Traffic, Block Bad Users and Bots | CWE-330 | 5.3 | Medium | 2025-09-26 |
| CVE-2025-2874 | User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting | User Submitted Posts – Enable Users to Submit Posts from the Front End | CWE-79 | 4.4 | Medium | 2025-04-03 |
| CVE-2025-1730 | Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read | Simple Download Counter | CWE-73 | 6.5 | Medium | 2025-03-01 |
| CVE-2024-0979 | Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting | Dashboard Widgets Suite | CWE-79 | 6.1 | Medium | 2024-06-13 |
| CVE-2024-2956 | Simple Ajax Chat <= 20231101 - Authenticated (Admin+) Stored Cross-Site Scripting | Simple Ajax Chat – Add a Fast, Secure Chat Box | CWE-79 | 4.4 | Medium | 2024-03-27 |
| CVE-2023-5614 | Theme Switcha <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Theme Switcha – Easily Switch Themes for Development and Testing | CWE-79 | 6.4 | Medium | 2023-10-20 |
| CVE-2023-4838 | WordPress Plugin Simple Download Counter Cross-Site Scripting Vulnerability | Simple Download Counter | | 6.4 | Medium | 2023-09-09 |
| CVE-2023-4779 | User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | User Submitted Posts – Enable Users to Submit Posts from the Front End | CWE-79 | 6.4 | Medium | 2023-09-06 |
| CVE-2023-4308 | User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content' | User Submitted Posts – Enable Users to Submit Posts from the Front End | CWE-79 | 7.2 | High | 2023-08-15 |
| CVE-2019-25138 | User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload | User Submitted Posts – Enable Users to Submit Posts from the Front End | CWE-434 | 9.8 | Critical | 2023-06-07 |

This page lists every published CVE security advisory associated with specialk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.