Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

simplepress — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting simplepress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SimplePress is a lightweight WordPress forum plugin designed to add discussion board functionality to websites. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with nine CVEs recorded. These flaws often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in a relatively small codebase suggests ongoing security challenges that require careful maintenance and prompt updates by users implementing the plugin.

Top products by simplepress: Simple:Press Forum Simple:Press
CVE IDTitleCVSSSeverityPublished
CVE-2025-31386 WordPress Simple:Press plugin <= 6.11.5 - Broken Access Control vulnerability — Simple:PressCWE-862 5.3 Medium2025-03-31
CVE-2024-13518 Simple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post Editing — Simple:Press ForumCWE-352 4.3 Medium2025-03-01
CVE-2024-12409 Simple:Press Forum <= 6.10.11 - Reflected Cross-Site Scripting — Simple:Press ForumCWE-79 6.1 Medium2025-01-30
CVE-2020-36706 Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload — Simple:Press ForumCWE-434 9.8 Critical2023-10-20
CVE-2022-4031 Simple:Press <= 6.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Modification — Simple:Press ForumCWE-22 3.8 Low2022-11-29
CVE-2022-4030 Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion — Simple:Press ForumCWE-22 8.1 High2022-11-29
CVE-2022-4029 Simple:Press <= 6.8 - Reflected Cross-Site Scripting via Cookie Value — Simple:Press ForumCWE-79 4.7 Medium2022-11-29
CVE-2022-4028 Simple:Press <= 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Signatures — Simple:Press ForumCWE-79 6.4 Medium2022-11-29
CVE-2022-4027 Simple:Press <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Forum Replies — Simple:Press ForumCWE-79 7.2 High2022-11-29

This page lists every published CVE security advisory associated with simplepress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.