
smub — Vulnerabilities & Security Advisories 75

Browse all 75 CVE security advisories affecting smub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Smub operates as a software development and IT services provider, primarily focusing on enterprise application development and digital transformation solutions. With seventy-five recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically exhibited significant security deficiencies. Analysis of these vulnerabilities reveals a recurring pattern of critical flaws, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, which often stem from inadequate input validation and insufficient access controls. Privilege escalation issues further compound these risks, allowing unauthorized users to gain elevated system permissions. While specific major public incidents remain largely undocumented in open-source intelligence, the high volume of CVEs indicates systemic weaknesses in the development lifecycle. These persistent security gaps suggest that Smub’s infrastructure requires rigorous auditing and immediate remediation to prevent potential exploitation by malicious actors seeking to compromise sensitive enterprise data.

Top products by smub:

- Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
- All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Sydney Toolbox
- ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
- Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
- Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- aThemes Addons for Elementor
- UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
- Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Custom Twitter Feeds – A Tweets Widget or X Feed Widget
- Feeds for YouTube (YouTube video, channel, and gallery plugin)
- WP Mail Logging
- Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
- Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
- Contact Form & SMTP Plugin for WordPress by PirateForms
- Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation
- WP Lightbox 2
- Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
- WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
- aThemes Starter Sites
- Transients Manager
- Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
- Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-13453 | Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution | Contact Form & SMTP Plugin for WordPress by PirateForms | CWE-94 | 7.3 | High | 2025-01-30 |
| CVE-2024-13517 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 4.4 | Medium | 2025-01-18 |
| CVE-2024-12875 | Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-73 | 4.9 | Medium | 2024-12-21 |
| CVE-2024-9654 | Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-863 | 3.7 | Low | 2024-12-17 |
| CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-862 | 8.5 | High | 2024-12-10 |
| CVE-2024-10878 | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting | Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | CWE-79 | 6.1 | Medium | 2024-11-26 |
| CVE-2024-10593 | WPForms – Easy Form Builder for WordPress <= 1.9.1.6 - Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-352 | 4.3 | Medium | 2024-11-13 |
| CVE-2024-10876 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-79 | 6.1 | Medium | 2024-11-09 |
| CVE-2024-10045 | Transients Manager <= 2.0.6 - Cross-Site Request Forgery | Transients Manager | CWE-352 | 4.3 | Medium | 2024-10-23 |
| CVE-2022-2439 | Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-502 | 7.2 | High | 2024-09-24 |
| CVE-2024-8791 | Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-639 | 9.8 | Critical | 2024-09-24 |
| CVE-2024-8199 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More | CWE-862 | 4.3 | Medium | 2024-08-27 |
| CVE-2024-8200 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More | CWE-352 | 4.3 | Medium | 2024-08-27 |
| CVE-2024-6692 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 3.3 | Low | 2024-08-10 |
| CVE-2024-6691 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 4.4 | Medium | 2024-08-10 |
| CVE-2024-6897 | aThemes Starter Sites <= 1.0.53 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | aThemes Starter Sites | CWE-79 | 6.4 | Medium | 2024-07-27 |
| CVE-2024-6694 | WP Mail SMTP <= 4.0.1 - Authenticated (Admin+) SMTP Password Exposure | WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | CWE-257 | 2.7 | Low | 2024-07-20 |
| CVE-2024-5902 | UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | CWE-79 | 7.2 | High | 2024-07-12 |
| CVE-2024-6256 | Feeds for YouTube (YouTube video, channel, and gallery plugin) <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | Feeds for YouTube (YouTube video, channel, and gallery plugin) | CWE-79 | 6.4 | Medium | 2024-07-11 |
| CVE-2024-6210 | Duplicator <= 1.5.9 - Full Path Disclosure | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | CWE-200 | 5.3 | Medium | 2024-07-11 |
| CVE-2024-6263 | WP Lightbox 2 <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | WP Lightbox 2 | CWE-79 | 6.4 | Medium | 2024-07-03 |
| CVE-2024-3073 | Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | CWE-257 | 2.7 | Low | 2024-06-13 |
| CVE-2024-4045 | Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation | CWE-79 | 6.4 | Medium | 2024-05-25 |
| CVE-2024-4473 | Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget | Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-05-14 |
| CVE-2024-4036 | Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting | Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3649 | Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation | WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | CWE-472 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-3554 | All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3208 | Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery | Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-3097 | WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | CWE-862 | 5.3 | Medium | 2024-04-09 |
| CVE-2024-2302 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-532 | 5.3 | Medium | 2024-04-09 |

This page lists every published CVE security advisory associated with smub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.