smub — Vulnerabilities & Security Advisories 75

Browse all 75 CVE security advisories affecting smub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Smub operates as a software development and IT services provider, primarily focusing on enterprise application development and digital transformation solutions. With seventy-five recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically exhibited significant security deficiencies. Analysis of these vulnerabilities reveals a recurring pattern of critical flaws, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, which often stem from inadequate input validation and insufficient access controls. Privilege escalation issues further compound these risks, allowing unauthorized users to gain elevated system permissions. While specific major public incidents remain largely undocumented in open-source intelligence, the high volume of CVEs indicates systemic weaknesses in the development lifecycle. These persistent security gaps suggest that Smub’s infrastructure requires rigorous auditing and immediate remediation to prevent potential exploitation by malicious actors seeking to compromise sensitive enterprise data.

Top products by smub:

- Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
- All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic
- WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Sydney Toolbox
- ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)
- Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
- Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- aThemes Addons for Elementor
- UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
- Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Custom Twitter Feeds – A Tweets Widget or X Feed Widget
- Feeds for YouTube (YouTube video, channel, and gallery plugin)
- WP Mail Logging
- Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More
- Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
- Contact Form & SMTP Plugin for WordPress by PirateForms
- Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation
- WP Lightbox 2
- Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More
- WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
- aThemes Starter Sites
- Transients Manager
- Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
- Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-2936 | Sydney Toolbox <= 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id — Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-03-29 |
| CVE-2024-1935 | Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting — Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | CWE-79 | 7.2 | High | 2024-03-13 |
| CVE-2024-0903 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 - Unauthenticated Stored Cross-Site Scripting — UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | CWE-79 | 5.4 | Medium | 2024-02-22 |
| CVE-2024-0379 | Custom Twitter Feeds – A Tweets Widget or X Feed Widget <= 2.2.1 - Cross-Site Request Forgery to Plugin Options Update — Custom Twitter Feeds – A Tweets Widget or X Feed Widget | CWE-352 | 4.3 | Medium | 2024-02-20 |
| CVE-2024-1447 | Sydney Toolbox <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting — Sydney Toolbox | CWE-79 | 6.4 | Medium | 2024-02-20 |
| CVE-2024-0659 | Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | CWE-79 | 5.5 | Medium | 2024-02-05 |
| CVE-2023-6742 | Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images — Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | CWE-862 | 4.3 | Medium | 2024-01-11 |
| CVE-2023-5049 | Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | CWE-79 | 6.4 | Medium | 2023-10-30 |
| CVE-2023-4841 | Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Feeds for YouTube (YouTube video, channel, and gallery plugin) | CWE-79 | 6.4 | Medium | 2023-09-14 |
| CVE-2023-4404 | Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation — Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | CWE-269 | 9.8 | Critical | 2023-08-23 |
| CVE-2023-3081 | WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email — WP Mail Logging | CWE-79 | 7.2 | High | 2023-07-12 |
| CVE-2019-25145 | Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection — Contact Form & SMTP Plugin for WordPress by PirateForms | CWE-79 | 7.2 | High | 2023-06-07 |
| CVE-2019-25141 | Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update — Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | CWE-862 | 9.8 | Critical | 2023-06-07 |
| CVE-2023-0586 | All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 6.4 | Medium | 2023-02-24 |
| CVE-2023-0585 | All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | CWE-79 | 4.4 | Medium | 2023-02-24 |

This page lists every published CVE security advisory associated with smub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.