smub — Vulnerabilities & Security Advisories (75)

Browse all 75 CVE security advisories affecting smub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Smub operates as a software development and IT services provider, primarily focusing on enterprise application development and digital transformation solutions. With seventy-five recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically exhibited significant security deficiencies. Analysis of these vulnerabilities reveals a recurring pattern of critical flaws, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, which often stem from inadequate input validation and insufficient access controls. Privilege escalation issues further compound these risks, allowing unauthorized users to gain elevated system permissions. While specific major public incidents remain largely undocumented in open-source intelligence, the high volume of CVEs indicates systemic weaknesses in the development lifecycle. These persistent security gaps suggest that Smub’s infrastructure requires rigorous auditing and immediate remediation to prevent potential exploitation by malicious actors seeking to compromise sensitive enterprise data.

Top products by smub:

- Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
- All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Sydney Toolbox
- ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
- Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
- Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- aThemes Addons for Elementor
- UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
- Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Custom Twitter Feeds – A Tweets Widget or X Feed Widget
- Feeds for YouTube (YouTube video, channel, and gallery plugin)
- WP Mail Logging
- Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
- Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
- Contact Form & SMTP Plugin for WordPress by PirateForms
- Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation
- WP Lightbox 2
- Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
- WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
- aThemes Starter Sites
- Transients Manager
- Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
- Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' — ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CWE-862 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process — ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CWE-862 | 7.2 | High | 2026-04-23 |
| CVE-2026-3177 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook — Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-345 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-1463 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion — Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | CWE-98 | 8.8 | High | 2026-03-18 |
| CVE-2026-1992 | ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation — ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CWE-639 | 8.8 | High | 2026-03-11 |
| CVE-2026-1993 | ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update — ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CWE-269 | 8.8 | High | 2026-03-11 |
| CVE-2026-1236 | Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API — Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | CWE-79 | 6.4 | Medium | 2026-03-04 |
| CVE-2026-2471 | WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field — WP Mail Logging | CWE-502 | 7.5 | High | 2026-02-28 |
| CVE-2025-14384 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-862 | 4.3 | Medium | 2026-01-16 |
| CVE-2025-14783 | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-640 | 4.3 | Medium | 2025-12-31 |
| CVE-2025-13641 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template' — Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | CWE-98 | 8.8 | High | 2025-12-18 |
| CVE-2025-12484 | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting — Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | CWE-79 | 7.2 | High | 2025-11-19 |
| CVE-2025-12847 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-862 | 4.3 | Medium | 2025-11-15 |
| CVE-2025-12377 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions — Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | CWE-862 | 4.3 | Medium | 2025-11-13 |
| CVE-2025-11448 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion — Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | CWE-862 | 4.3 | Medium | 2025-11-08 |
| CVE-2025-12837 | aThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget — aThemes Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-11-08 |
| CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-807 | 5.3 | Medium | 2025-11-06 |
| CVE-2025-11893 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection — Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-89 | 6.5 | Medium | 2025-10-25 |
| CVE-2025-10694 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure — UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | CWE-862 | 5.3 | Medium | 2025-10-25 |
| CVE-2025-8149 | aThemes Addons for Elementor Lite <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — aThemes Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-09-06 |
| CVE-2025-8102 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-352 | 5.4 | Medium | 2025-08-20 |
| CVE-2025-5275 | Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings — Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-79 | 4.4 | Medium | 2025-06-26 |
| CVE-2025-4577 | Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute — Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | CWE-79 | 6.4 | Medium | 2025-06-10 |
| CVE-2025-4670 | Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 6.4 | Medium | 2025-05-29 |
| CVE-2025-2892 | All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 6.4 | Medium | 2025-05-19 |
| CVE-2025-3794 | WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter — WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-79 | 5.4 | Medium | 2025-05-09 |
| CVE-2025-2252 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-200 | 5.3 | Medium | 2025-03-25 |
| CVE-2025-1314 | Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function — Custom Twitter Feeds – A Tweets Widget or X Feed Widget | CWE-352 | 4.3 | Medium | 2025-03-20 |
| CVE-2024-13403 | WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter — WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-79 | 6.4 | Medium | 2025-02-04 |
| CVE-2024-13547 | aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting — aThemes Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-02-01 |

This page lists every published CVE security advisory associated with smub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.