sminozzi — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting sminozzi. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sminozzi is a web application framework primarily used for building dynamic websites and web services. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, accounting for its 17 recorded CVEs. The framework's security characteristics include regular updates addressing critical vulnerabilities, though its widespread adoption has made it a target for exploitation. Notable incidents include several high-severity RCE flaws in versions prior to 3.0, which allowed attackers to execute arbitrary code with minimal user interaction. Despite these issues, Sminozzi remains popular due to its ease of use and extensive documentation, though developers must implement strict input validation and keep installations current to mitigate risks.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11627 | Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue <= 1.47 - Unauthenticated Log File Poisoning — Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue (CWE-117) | 6.5 | Medium | 2025-10-30 |
| CVE-2025-9376 | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 11.58 - Insufficient Authorization to Unauthenticated Blocklist Bypass — Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection (CWE-863) | 6.5 | Medium | 2025-08-28 |
| CVE-2025-8104 | Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function — Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CWE-352) | 4.3 | Medium | 2025-07-27 |
| CVE-2025-48150 | WordPress Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin plugin <= 4.48 - Broken Access Control Vulnerability — Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin (CWE-862) | 4.3 | Medium | 2025-07-16 |
| CVE-2025-48166 | WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability — Stop and Block bots plugin Anti bots (CWE-862) | 5.3 | Medium | 2025-07-16 |
| CVE-2025-49273 | WordPress WP Tools plugin <= 5.24 - Cross Site Request Forgery (CSRF) Vulnerability — WP Tools (CWE-352) | 4.3 | Medium | 2025-06-06 |
| CVE-2025-48243 | WordPress reCAPTCHA for all plugin <= 2.26 - Cross Site Request Forgery (CSRF) Vulnerability — reCAPTCHA for all (CWE-352) | 4.3 | Medium | 2025-05-19 |
| CVE-2025-39544 | WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability — WP Tools (CWE-352) | 7.4 | High | 2025-04-16 |
| CVE-2025-30862 | WordPress reCAPTCHA for all plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability — reCAPTCHA for all (CWE-352) | 4.3 | Medium | 2025-03-27 |
| CVE-2025-2250 | WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins <= 2.32 - Authenticated (Admin+) SQL Injection — ReportAttacks — Brute Force & Login Protection (CWE-89) | 4.9 | Medium | 2025-03-13 |
| CVE-2024-13910 | Database Backup and check Tables Automated With Scheduler 2024 <= 2.36 - Authenticated (Administrator+) Arbitrary File Deletion — Database Backup and Table Integrity Check with Automated Scheduling (CWE-22) | 7.2 | High | 2025-03-01 |
| CVE-2024-13911 | Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure — Database Backup and Table Integrity Check with Automated Scheduling (CWE-200) | 7.2 | High | 2025-03-01 |
| CVE-2024-12850 | Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arbitrary File Read — Database Backup and Table Integrity Check with Automated Scheduling (CWE-22) | 4.9 | Medium | 2024-12-24 |
| CVE-2024-54298 | WordPress Car Dealer plugin <= 4.46 - Broken Access Control vulnerability — Car Dealer (CWE-862) | 4.3 | Medium | 2024-12-13 |
| CVE-2024-4355 | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.23 - Missing Authorization to Information Exposure — Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection (CWE-862) | 4.3 | Medium | 2024-05-30 |
| CVE-2024-1861 | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation — Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan (CWE-862) | 4.3 | Medium | 2024-02-28 |
| CVE-2024-1860 | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist — Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan (CWE-862) | 6.5 | Medium | 2024-02-28 |

This page lists every published CVE security advisory associated with sminozzi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.