Vulnerabilities and security researches forsmartpay smartpay

Apr 14, 2025

CVE, Research URL: CVE-2025-32689
Home page URL: Security reports for Download Manager and Payment Form WordPress Plugin – WP SmartPay
Application: Download Manager and Payment Form WordPress Plugin – WP SmartPay
Date: -
Research Description: Download Manager and Payment Form WordPress Plugin – WP SmartPay [smartpay] <= 2.7.12 (unfixed + closed) CVE-2025-32689
Affected versions: Min -, max -.
Status: vulnerable

Jul 02, 2025

CVE, Research URL: CVE-2025-25171
Home page URL: Security reports for Download Manager and Payment Form WordPress Plugin – WP SmartPay
Application: Download Manager and Payment Form WordPress Plugin – WP SmartPay
Date: Jun 27, 2025
Research Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemesGrove WP SmartPay allows Authentication Abuse. This issue affects WP SmartPay: from n/a through 2.7.13.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-3851
Home page URL: Security reports for Download Manager and Payment Form WordPress Plugin – WP SmartPay
Application: Download Manager and Payment Form WordPress Plugin – WP SmartPay
Date: May 07, 2025
Research Description: The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's data like email address, name, and notes.
Affected versions: Min -, max -.
Status: vulnerable