Browse all 4 CVE security advisories affecting SimpleMachines. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SimpleMachines is a lightweight open-source forum software used for creating and managing online discussion communities. Historically, it has been susceptible to various vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. While no major security incidents have been widely documented, the 4 CVEs on record highlight consistent but typically low-severity issues. The software's modular architecture allows for extensions that may introduce additional security risks, requiring administrators to maintain regular updates and carefully vet third-party modifications to mitigate potential threats.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2583 | SimpleMachines SMF ManageNews.php cross site scripting — SMF (CWE-79) | 3.5 | Low | 2025-03-21 |
| CVE-2025-2582 | SimpleMachines SMF ManageAttachments.php cross site scripting — SMF (CWE-79) | 3.5 | Low | 2025-03-21 |
| CVE-2024-7438 | SimpleMachines SMF User Alert Read Status index.php resource injection — SMF (CWE-99) | 4.3 | Medium | 2024-08-03 |
| CVE-2024-7437 | SimpleMachines SMF Delete User index.php resource injection — SMF (CWE-99) | 5.4 | Medium | 2024-08-03 |

This page lists every published CVE security advisory associated with SimpleMachines. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.