Browse all 3 CVE security advisories affecting Surfer. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Surfer is a web-based platform primarily used for SEO optimization and content creation, helping users improve search engine rankings. Historically, it has been associated with vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely reported, the three CVEs on record highlight recurring security concerns in web applications. The platform's integration with third-party services and user-generated content increases its attack surface, making ongoing security assessments crucial for maintaining user trust and data protection.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58603 | WordPress Surfer Plugin <= 1.6.4.574 - Broken Access Control Vulnerability — SurferCWE-862 | 5.3 | Medium | 2025-09-03 |
| CVE-2023-35037 | WordPress Surfer plugin <= 1.3.2.357 - Broken Access Control vulnerability — SurferCWE-862 | 7.6 | High | 2024-12-13 |
| CVE-2024-49299 | WordPress Surfer plugin <= 1.5.0.502 - SQL Injection vulnerability — SurferCWE-89 | 7.6 | High | 2024-10-17 |
This page lists every published CVE security advisory associated with Surfer. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.