Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

specialk — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting specialk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SpecialK is a game modification framework primarily used for enhancing gameplay through custom configurations and memory manipulation. Historically, it has been associated with multiple critical vulnerabilities including remote code execution, privilege escalation, and memory corruption flaws, contributing to its 19 CVE count. The framework's deep system integration and extensive hooking capabilities have made it a target for security researchers, with several incidents involving unauthorized code execution and bypass of anti-cheat systems. Its kernel-level functionality and extensive API access have consistently created attack surfaces that compromise system integrity, particularly when combined with other exploitation techniques.

Top products by specialk: User Submitted Posts – Enable Users to Submit Posts from the Front End Simple Download Counter Simple Ajax Chat – Add a Fast, Secure Chat Box Theme Switcha – Easily Switch Themes for Development and Testing Dashboard Widgets Suite Banhammer – Monitor Site Traffic, Block Bad Users and Bots Head Meta Data Blackhole for Bad Bots Prismatic
CVE IDTitleCVSSSeverityPublished
CVE-2026-3876 Prismatic <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode — PrismaticCWE-79 7.2 High2026-04-16
CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute — Simple Download CounterCWE-79 6.4 Medium2026-03-26
CVE-2026-4329 Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header — Blackhole for Bad BotsCWE-79 7.2 High2026-03-26
CVE-2026-2987 Simple Ajax Chat <= 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c' — Simple Ajax Chat – Add a Fast, Secure Chat BoxCWE-79 6.1 Medium2026-03-12
CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter — User Submitted Posts – Enable Users to Submit Posts from the Front EndCWE-863 5.3 Medium2026-02-18
CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field — User Submitted Posts – Enable Users to Submit Posts from the Front EndCWE-79 7.2 High2026-01-24
CVE-2026-0608 Head Meta Data <= 20251118 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta — Head Meta DataCWE-79 6.4 Medium2026-01-20
CVE-2026-0913 User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode — User Submitted Posts – Enable Users to Submit Posts from the Front EndCWE-79 6.4 Medium2026-01-16
CVE-2025-13677 Simple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal — Simple Download CounterCWE-22 4.9 Medium2025-12-10
CVE-2025-10745 Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass — Banhammer – Monitor Site Traffic, Block Bad Users and BotsCWE-330 5.3 Medium2025-09-26
CVE-2025-2874 User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting — User Submitted Posts – Enable Users to Submit Posts from the Front EndCWE-79 4.4 Medium2025-04-03
CVE-2025-1730 Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read — Simple Download CounterCWE-73 6.5 Medium2025-03-01
CVE-2024-0979 Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting — Dashboard Widgets SuiteCWE-79 6.1 Medium2024-06-13
CVE-2024-2956 Simple Ajax Chat <= 20231101 - Authenticated (Admin+) Stored Cross-Site Scripting — Simple Ajax Chat – Add a Fast, Secure Chat BoxCWE-79 4.4 Medium2024-03-27
CVE-2023-5614 Theme Switcha <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Theme Switcha – Easily Switch Themes for Development and TestingCWE-79 6.4 Medium2023-10-20
CVE-2023-4838 WordPress Plugin Simple Download Counter 跨站脚本漏洞 — Simple Download Counter 6.4 Medium2023-09-09
CVE-2023-4779 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — User Submitted Posts – Enable Users to Submit Posts from the Front EndCWE-79 6.4 Medium2023-09-06
CVE-2023-4308 User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content' — User Submitted Posts – Enable Users to Submit Posts from the Front EndCWE-79 7.2 High2023-08-15
CVE-2019-25138 User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload — User Submitted Posts – Enable Users to Submit Posts from the Front EndCWE-434 9.8 Critical2023-06-07

This page lists every published CVE security advisory associated with specialk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.