CVSS: 6.6EPSS: %CPEs: 1EXPL: 0CVE-2025-32138 – WordPress Easy Google Maps plugin <= 1.11.17 - XML External Entity vulnerability
https://notcve.org/view.php?id=CVE-2025-32138
04 Apr 2025 — Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17. • https://patchstack.com/database/wordpress/plugin/google-maps-easy/vulnerability/wordpress-easy-google-maps-plugin-1-11-17-xml-external-entity-vulnerability?_s_id=cve • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56253 – WordPress Data Tables Generator by Supsystic plugin <= 1.10.36 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56253
30 Dec 2024 — Missing Authorization vulnerability in supsystic.com Data Tables Generator by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.36. The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.10.36. This makes it possible for authenticated attackers, with Subscriber-level acces... • https://patchstack.com/database/wordpress/plugin/data-tables-generator-by-supsystic/vulnerability/wordpress-data-tables-generator-by-supsystic-plugin-1-10-36-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51353 – WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51353
09 Dec 2024 — Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19. • https://patchstack.com/database/wordpress/plugin/popup-by-supsystic/vulnerability/wordpress-popup-by-supsystic-plugin-1-10-19-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2024-52434 – WordPress Popup by Supsystic plugin <= 1.10.29 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-52434
15 Nov 2024 — Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29. La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un motor de plantillas en Supsystic Popup de Supsystic permite la inyección de comandos. Este problema afecta a Popup de Supsystic: desde n/a hasta 1.10.29. The Popup by Supsystic plugin for WordPress is vulnerable to Rem... • https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-29-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48046 – WordPress Contact Form by Supsystic plugin <= 1.7.28 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-48046
14 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. The Contact Form by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce... • https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-28-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 2%CPEs: 1EXPL: 0CVE-2024-48042 – WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-48042
13 Oct 2024 — Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un motor de plantillas en Supsystic Contact Form de Supsystic permite la inyección de comandos. Este problema afecta a Contact Form de Supsystic: desde n/a hasta 1.7.28. The Contact Form by Supsystic plugin f... • https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-28-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33910 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33910
29 Apr 2024 — Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de autorización faltante en publicaciones digitales de Supsystic. Este problema afecta a las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.... • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32790 – WordPress Pricing Table by Supsystic plugin <= 1.9.12 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32790
22 Apr 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection.This issue affects Pricing Table by Supsystic: from n/a through 1.9.12. La neutralización incorrecta de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Supsystic Pricing Table de Supsystic permite la inyección de código. Este problema afecta a Pricing Table de Supsystic: desde n/a hasta 1.9.12. The Pricing Table ... • https://patchstack.com/database/vulnerability/pricing-table-by-supsystic/wordpress-pricing-table-by-supsystic-plugin-1-9-12-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32829 – WordPress Data Tables Generator by Supsystic plugin <= 1.10.31 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32829
22 Apr 2024 — Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31. Vulnerabilidad de autorización faltante en Supsystic Data Tables Generator de Supsystic. Este problema afecta al Data Tables Generator de Supsystic: desde n/a hasta 1.10.31. The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and inclu... • https://patchstack.com/database/vulnerability/data-tables-generator-by-supsystic/wordpress-data-tables-generator-by-supsystic-plugin-1-10-31-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32089 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32089
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Digital Publications by Supsystic. Este problema afecta las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.7. This is... • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •