Smartdatasoft

By the Year

In 2026 there have been 4 vulnerabilities in Smartdatasoft with an average score of 7.2 out of ten. Last year, in 2025 Smartdatasoft had 9 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.83.

Recent Smartdatasoft Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2025-12882	Feb 19, 2026	Clasifico Listing WP Plugin 2.0 Priv Escal via role param The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it possible for unauthenticated attackers to gain elevated privileges by registering an account with the administrator role.
CVE-2020-36972	Jan 28, 2026	Blind SQLi in SmartBlog 2.0.1 'id_post' parameter (details controller) SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information.	Smartblog
CVE-2026-22358	Jan 22, 2026	SSRF Vulnerability in Electrician WP Plugin 5.6 Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.	Electrician
CVE-2025-62741	Jan 22, 2026	SSRF in SmartDataSoft Pool Services <=3.3 Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.	Pool Services
CVE-2025-58004	Sep 22, 2025	Missing Auth in SmartDataSoft DriCub 2.9 Missing Authorization vulnerability in SmartDataSoft DriCub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DriCub: from n/a through 2.9.
CVE-2025-58005	Sep 22, 2025	SmartDataSoft DriCub <=2.9 SSRF Vulnerability Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft DriCub allows Server Side Request Forgery. This issue affects DriCub: from n/a through 2.9.
CVE-2025-6994	Aug 06, 2025	WordPress Reveal Listing <=3.3 PrivEsc via listing_user_role The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
CVE-2025-30997	Jun 06, 2025	SmartDataSoft Car Repair Services SSRF (before 5.0) Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services car-repair-services allows Server Side Request Forgery.This issue affects Car Repair Services: from n/a through <= 5.0.	Car Repair Services
CVE-2024-12725	May 15, 2025	Clasify Classified Listing WP Plugin 1.0.7 Reflected XSS The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.	Clasify Classified Listing
CVE-2025-1285	Mar 14, 2025	Unauthorized Access: Resido 3.6 AJAX API Key Update The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to internal services and update API key details.
CVE-2025-23857	Feb 14, 2025	NotFound Essential WP Real Estate Reflected XSS Pre-1.1.3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartDataSoft Essential WP Real Estate essential-wp-real-estate allows Reflected XSS.This issue affects Essential WP Real Estate: from n/a through <= 1.1.3.	Essential Wp Real Estate
CVE-2024-13347	Feb 03, 2025	Reflected XSS in Essential WP Real Estate WP Plugin <1.1.3 The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.	Essential Wp Real Estate
CVE-2024-13318	Jan 10, 2025	Essential WP Real Estate 1.1.3: Unauth Access Enables Post Deletion The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.	Essential Wp Real Estate
CVE-2021-37538	Aug 24, 2021	Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.	Smartblog
CVE-2021-24335	Jun 01, 2021	The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue	Car Repair Services Auto Mechanic