smartdatasoft CVE Vulnerabilities & Metrics

Focus on smartdatasoft vulnerabilities and metrics.

Last updated: 15 Feb 2026, 23:25 UTC

About smartdatasoft Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with smartdatasoft. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total smartdatasoft CVEs: 4
Earliest CVE date: 01 Jun 2021, 14:15 UTC
Latest CVE date: 28 Jan 2026, 18:16 UTC

Latest CVE reference: CVE-2020-36972

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical smartdatasoft CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.95

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	1
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS smartdatasoft CVEs

These are the five CVEs with the highest CVSS scores for smartdatasoft, sorted by severity first and recency.

CVE-2021-37538 smartdatasoft Published on 24 Aug 2021, 13:15 UTC (CVSS: 7.5)
Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.
CVE-2021-24335 smartdatasoft Published on 01 Jun 2021, 14:15 UTC (CVSS: 4.3)
The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
CVE-2020-36972 smartdatasoft Published on 28 Jan 2026, 18:16 UTC (CVSS: 0)
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information.
CVE-2024-13347 smartdatasoft Published on 03 Feb 2025, 06:15 UTC (CVSS: 0)
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

All CVEs for smartdatasoft

CVE-2020-36972 smartdatasoft vulnerability CVSS: 0 28 Jan 2026, 18:16 UTC

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information.

CVE-2024-13347 smartdatasoft vulnerability CVSS: 0 03 Feb 2025, 06:15 UTC

The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.

CVE-2021-37538 smartdatasoft vulnerability CVSS: 7.5 24 Aug 2021, 13:15 UTC

Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller.

CVE-2021-24335 smartdatasoft vulnerability CVSS: 4.3 01 Jun 2021, 14:15 UTC

The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue