Page 10 of 49 results (0.005 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-9393 – Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2020-9393

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. Se detectó un problema en el plugin pricing-table-by-supsystic versiones anteriores a 1.8.2 para WordPress. Permite un ataque de tipo XSS. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-18512 – Newsletter by Supsystic < 1.1.8 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2017-18512

The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. El plugin newsletter-by-supsystic versiones anteriores a 1.1.8 para WordPress, presenta una vulnerabilidad de tipo CSRF. • https://wordpress.org/plugins/newsletter-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10915 – Popup by Supsystic < 1.7.9 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2016-10915

The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. El plugin popup-by-supsystic versiones anteriores a 1.7.9 para WordPress, presenta una vulnerabilidad de tipo CSRF. • https://wordpress.org/plugins/popup-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10918 – Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2016-10918

The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. El plugin gallery-by-supsystic versiones anteriores a 1.8.6 para WordPress, presenta una vulnerabilidad de tipo CSRF. The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. This is due to missing or incorrect nonce validation on the 'updateAttachment' action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wordpress.org/plugins/gallery-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •