Skip to main content

Smart Manager

3 CVEs product

Monthly

CVE-2026-45216 HIGH This Week

Privilege escalation in the StoreApps Smart Manager WordPress plugin (versions up to and including 8.85.0) allows authenticated low-privilege users to elevate themselves to higher-privileged roles due to incorrect privilege assignment (CWE-266). The flaw was reported by Patchstack and carries a CVSS 3.1 score of 8.8, though there is no public exploit identified at time of analysis and EPSS is very low at 0.04%. Affected WooCommerce stores running this plugin should treat this as a meaningful internal-risk issue because any subscriber, customer, or shop-manager account could be leveraged to seize administrator control.

Privilege Escalation Smart Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-0566 HIGH POC This Week

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Smart Manager
NVD WPScan Exploit-DB
CVSS 3.1
7.2
EPSS
3.3%
CVE-2021-25399 HIGH This Week

Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Smart Manager
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in the StoreApps Smart Manager WordPress plugin (versions up to and including 8.85.0) allows authenticated low-privilege users to elevate themselves to higher-privileged roles due to incorrect privilege assignment (CWE-266). The flaw was reported by Patchstack and carries a CVSS 3.1 score of 8.8, though there is no public exploit identified at time of analysis and EPSS is very low at 0.04%. Affected WooCommerce stores running this plugin should treat this as a meaningful internal-risk issue because any subscriber, customer, or shop-manager account could be leveraged to seize administrator control.

Privilege Escalation Smart Manager
NVD VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Smart Manager
NVD WPScan Exploit-DB
EPSS 0% CVSS 7.1
HIGH This Week

Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Smart Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy