Simplemachines Smf
14 CVEs affecting Simplemachines Smf. Latest disclosed: 2026-07-10. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-39903 | High | 7.1 | 2026-07-10 | Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php w… |
CVE-2024-7437 | Medium | 5.4 | 2024-08-03 | A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile… |
CVE-2024-7438 | Medium | 4.3 | 2024-08-03 | A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the fil… |
CVE-2025-2583 | Low | 3.5 | 2025-03-21 | A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The mani… |
CVE-2025-2582 | Low | 3.5 | 2025-03-21 | A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAtt… |
CVE-2011-4173 | | 2011-10-24 | Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of adminis… | |
CVE-2011-3615 | | 2011-10-24 | Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL comman… | |
CVE-2011-1131 | | 2011-06-21 | The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a t… | |
CVE-2011-1130 | | 2011-06-21 | Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduc… | |
CVE-2011-1129 | | 2011-06-21 | Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might… | |
CVE-2011-1128 | | 2011-06-21 | The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts… | |
CVE-2011-1127 | | 2011-06-21 | SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an… | |
CVE-2008-6971 | | 2009-08-13 | The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the ran… | |
CVE-2006-4564 | | 2006-09-06 | SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_… |