Smackcoders — Vulnerabilities & Security Advisories (22)

Browse all 22 CVE security advisories affecting Smackcoders. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Smackcoders is a software development firm specializing in custom web applications and digital solutions for enterprise clients. Their portfolio includes various content management systems and e-commerce platforms, which have historically served as targets for automated scanning tools due to their widespread deployment. Security audits have identified recurring vulnerability classes within their codebase, particularly remote code execution (RCE) and cross-site scripting (XSS), often stemming from insufficient input validation and improper session management. Notably, the firm has been linked to several major incidents involving data breaches resulting from unpatched SQL injection flaws in legacy modules. With 22 CVEs currently on record, the pattern suggests a consistent lack of rigorous secure coding practices during the development lifecycle. These security gaps have led to significant exposure for downstream customers, highlighting critical deficiencies in their internal quality assurance and vulnerability management protocols.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1317 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-89 | 6.5 | Medium | 2026-02-18 |
| CVE-2025-14627 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-918 | 6.4 | Medium | 2026-01-01 |
| CVE-2025-13606 | Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure | Export All Posts, Products, Orders, Refunds & Users | CWE-352 | 6.5 | Medium | 2025-12-02 |
| CVE-2025-13145 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-502 | 7.2 | High | 2025-11-19 |
| CVE-2025-12732 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-200 | 4.3 | Medium | 2025-11-12 |
| CVE-2025-10057 | WP Import – Ultimate CSV XML Importer for WordPress 7.20 - 7.28 - Authenticated (Subscriber+) Remote Code Execution via Code Injection | WP Import – Ultimate CSV XML Importer for WordPress | CWE-94 | 8.8 | High | 2025-09-17 |
| CVE-2025-10058 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File Deletion | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-73 | 8.1 | High | 2025-09-17 |
| CVE-2025-10040 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP Credential Exposure | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-862 | 7.7 | High | 2025-09-10 |
| CVE-2025-9990 | WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion | WordPress Helpdesk Integration | CWE-98 | 8.1 | High | 2025-09-05 |
| CVE-2025-5692 | Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions | Lead Form Data Collection to CRM | CWE-862 | 6.3 | Medium | 2025-07-02 |
| CVE-2025-2008 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-434 | 8.8 | High | 2025-04-01 |
| CVE-2025-2007 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-23 | 8.1 | High | 2025-04-01 |
| CVE-2025-2332 | Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection | Export All Posts, Products, Orders, Refunds & Users | CWE-502 | 9.8 | Critical | 2025-03-27 |
| CVE-2024-12315 | Export All Posts, Products, Orders, Refunds & Users <= 2.9.3 - Information Disclosure Through Unprotected Directory | Export All Posts, Products, Orders, Refunds & Users | CWE-922 | 7.5 | High | 2025-02-12 |
| CVE-2024-9364 | SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion | SendGrid for WordPress | CWE-862 | 4.3 | Medium | 2024-10-18 |
| CVE-2024-43965 | WordPress SendGrid for WordPress plugin <= 1.4 - SQL Injection vulnerability | SendGrid for WordPress | CWE-89 | 8.2 | High | 2024-08-29 |
| CVE-2023-2487 | WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure | Export All Posts, Products, Orders, Refunds & Users | CWE-200 | 5.9 | Medium | 2023-12-21 |
| CVE-2023-45066 | WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure | Export All Posts, Products, Orders, Refunds & Users | CWE-200 | 5.9 | Medium | 2023-11-30 |
| CVE-2023-4142 | WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-94 | 8.0 | High | 2023-08-04 |
| CVE-2023-4141 | WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-94 | 8.0 | High | 2023-08-04 |
| CVE-2023-4139 | WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-200 | 7.5 | High | 2023-08-04 |
| CVE-2023-4140 | WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | CWE-269 | 6.6 | Medium | 2023-08-04 |

This page lists every published CVE security advisory associated with Smackcoders. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.