CVE Tools

simplemachines

Web & CMS Pluginsoss-project

16

Cumulative CVEs

6

Monthly snapshots

#16

Peak rank

Top products

simple machines forum2 simple machine forum1

Latest CVEs

The 15 most recently published vulnerabilities affecting simplemachines.

CVE-2025-67163A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name param...6.1Dec 18, 2025
CVE-2025-2583SimpleMachines SMF ManageNews.php cross site scripting3.5Mar 21, 2025
CVE-2025-2582SimpleMachines SMF ManageAttachments.php cross site scripting3.5Mar 21, 2025
CVE-2024-7438SimpleMachines SMF User Alert Read Status index.php resource injection4.3Aug 3, 2024
CVE-2024-7437SimpleMachines SMF Delete User index.php resource injection5.4Aug 3, 2024
CVE-2022-26982SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator....7.2Apr 5, 2022
CVE-2019-11574An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.9.8Mar 20, 2020
CVE-2013-4395Simple Machines Forum (SMF) through 2.0.5 has XSS6.1Feb 12, 2020
CVE-2013-0192File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.4.9Feb 7, 2020
CVE-2019-12490An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.6.5Jan 22, 2020
CVE-2009-5068There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trus...7.2Jan 15, 2020
CVE-2005-4891Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.9.8Jan 15, 2020
CVE-2013-7468Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.8.1Mar 7, 2019
CVE-2013-7467Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.6.1Mar 7, 2019
CVE-2013-7466Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains prese...8.8Mar 7, 2019