Browse all 3 CVE security advisories affecting smartwpress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Smartwpress is a WordPress-focused security plugin designed to protect websites from common threats. Historically, it has been associated with multiple vulnerabilities including cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from insufficient input validation and improper access controls. The plugin has recorded three CVEs, highlighting persistent security challenges in its development. While no major public incidents have been documented, the recurring vulnerability patterns suggest implementation weaknesses in sanitization and privilege management. Users should remain vigilant about updates and consider alternative security solutions with more robust track records.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-5340 | Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter — Music Player for Elementor – Audio Player & Podcast PlayerCWE-79 | 6.4 | Medium | 2025-06-03 |
| CVE-2025-32190 | WordPress Musician's Pack For Elementor plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerability — Musician's Pack For ElementorCWE-79 | 6.5 | Medium | 2025-04-04 |
| CVE-2024-10582 | Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template Import — Music Player for Elementor – Audio Player & Podcast PlayerCWE-862 | 4.3 | Medium | 2024-11-15 |
This page lists every published CVE security advisory associated with smartwpress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.