Smartdatasoft
Products
5- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6994 | Cri | 0.64 | 9.8 | 0.00 | Aug 6, 2025 | The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This… | ||
| CVE-2025-23857 | Hig | 0.46 | 7.1 | 0.00 | Feb 14, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS.This issue affects Essential WP Real Estate: from n/a through <= 1.1.3. | ||
| CVE-2026-22358 | Med | 0.35 | 5.4 | 0.00 | Jan 22, 2026 | Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6. | ||
| CVE-2025-62741 | Med | 0.35 | 5.4 | 0.00 | Jan 22, 2026 | Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3. | ||
| CVE-2025-58005 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub dricub-driving-school allows Server Side Request Forgery.This issue affects DriCub: from n/a through <= 2.9. | ||
| CVE-2025-58004 | Med | 0.34 | 5.3 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in SmartDataSoft DriCub dricub-driving-school allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DriCub: from n/a through <= 2.9. | ||
| CVE-2024-13347 | 0.00 | — | 0.01 | Feb 3, 2025 | The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. | |||
| CVE-2024-13318 | 0.00 | — | 0.00 | Jan 10, 2025 | The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary… |
- risk 0.64cvss 9.8epss 0.00
The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS.This issue affects Essential WP Real Estate: from n/a through <= 1.1.3.
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.
- risk 0.35cvss 5.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub dricub-driving-school allows Server Side Request Forgery.This issue affects DriCub: from n/a through <= 2.9.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in SmartDataSoft DriCub dricub-driving-school allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DriCub: from n/a through <= 2.9.
- CVE-2024-13347Feb 3, 2025risk 0.00cvss —epss 0.01
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
- CVE-2024-13318Jan 10, 2025risk 0.00cvss —epss 0.00
The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary…