Filtered by vendor Smartdatasoft
Total: 7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-6994 | 2 Smartdatasoft, Wordpress | 2 Reveal Listing, Wordpress | 2025-08-06 | 9.8 Critical |
The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. | ||||
CVE-2024-12725 | 1 Smartdatasoft | 1 Clasify Classified Listing | 2025-06-11 | 6.1 Medium |
The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2024-13347 | 1 Smartdatasoft | 1 Essential Wp Real Estate | 2025-04-18 | 6.8 Medium |
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | ||||
CVE-2025-23857 | 1 Smartdatasoft | 1 Essential Wp Real Estate | 2025-02-25 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Essential WP Real Estate allows Reflected XSS. This issue affects Essential WP Real Estate: from n/a through 1.1.3. | ||||
CVE-2024-13318 | 1 Smartdatasoft | 1 Essential Wp Real Estate | 2025-02-25 | 5.3 Medium |
The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts. | ||||
CVE-2021-37538 | 1 Smartdatasoft | 1 Smartblog | 2024-11-21 | 9.8 Critical |
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller. | ||||
CVE-2021-24335 | 1 Smartdatasoft | 1 Car Repair Services & Auto Mechanic | 2024-11-21 | 6.1 Medium |
The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue |