Vulnerabilities and security researches forsp-blog-designer sp-blog-designer

Nov 27, 2024

CVE, Research URL: CVE-2024-52498
Home page URL: Security reports for SP Blog Designer
Application: SP Blog Designer
Date: Nov 28, 2024
Research Description: Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0.
Affected versions: max 1.0.0.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-31606
Home page URL: Security reports for SP Blog Designer
Application: SP Blog Designer
Date: Mar 31, 2025
Research Description: Missing Authorization vulnerability in softpulseinfotech SP Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Blog Designer: from n/a through 1.0.0.
Affected versions: max 1.0.0.
Status: vulnerable

May 13, 2026

CVE, Research URL: CVE-2026-4859
Home page URL: Security reports for SP Blog Designer
Application: SP Blog Designer
Date: May 12, 2026
Research Description: The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.0.
Status: vulnerable