schiocco CVE Vulnerabilities & Metrics

Focus on schiocco vulnerabilities and metrics.

Last updated: 01 Aug 2025, 22:25 UTC

About schiocco Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with schiocco. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total schiocco CVEs: 6
Earliest CVE date: 17 Oct 2018, 14:29 UTC
Latest CVE date: 09 Jul 2025, 00:15 UTC

Latest CVE reference: CVE-2025-4855

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical schiocco CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.23

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range      Count
0.0-3.9    4
4.0-6.9    1
7.0-8.9    1
9.0-10.0   0

CVSS Distribution Chart

Top 5 Highest CVSS schiocco CVEs

These are the five CVEs with the highest CVSS scores for schiocco, sorted by severity first, then by recency.

All CVEs for schiocco

CVE-2025-4855 | schiocco vulnerability | CVSS: 0 | 09 Jul 2025, 00:15 UTC

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization and execute arbitrary AJAX actions defined in the sb_ajax_execute() function. An attacker can use this vulnerability to exploit CVE-2025-4828 and various other functions unauthenticated.

CVE-2025-4828 | schiocco vulnerability | CVSS: 0 | 09 Jul 2025, 00:15 UTC

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). An attacker can leverage CVE-2025-4855 vulnerability to exploit this vulnerability unauthenticated.

CVE-2021-24823 | schiocco vulnerability | CVSS: 4.9 | 28 Feb 2022, 09:15 UTC

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged-in users perform unwanted actions, for example, make an admin delete arbitrary files.

CVE-2021-24807 | schiocco vulnerability | CVSS: 3.5 | 08 Nov 2021, 18:15 UTC

The Support Board WordPress plugin before 3.3.5 allows authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field. When an administrator or any authenticated user goes to the chat, the XSS is executed automatically.

CVE-2021-24741 | schiocco vulnerability | CVSS: 7.5 | 20 Sep 2021, 10:15 UTC

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.

CVE-2018-18373 | schiocco vulnerability | CVSS: 3.5 | 17 Oct 2018, 14:29 UTC

In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action.