CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31421 – WordPress Popup by Supsystic plugin <= 1.10.27 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31421
10 Apr 2024 — Missing Authorization vulnerability in Supsystic Popup by Supsystic.This issue affects Popup by Supsystic: from n/a through 1.10.27. Vulnerabilidad de autorización faltante en Supsystic Popup de Supsystic. Este problema afecta a Popup de Supsystic: desde n/a hasta 1.10.27. The Popup by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.10.27. This makes it possible for authenticated attackers, with subscribe... • https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-27-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31271 – WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2024-31271
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Ultimate Maps de Supsystic. Este problema afecta a Ultimate Maps de Supsystic: desde n/a hasta 1.2.16. The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce vali... • https://patchstack.com/database/vulnerability/ultimate-maps-by-supsystic/wordpress-ultimate-maps-plugin-1-2-16-cross-site-request-forgery-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30448 – WordPress Slider by Supsystic plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30448
28 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Slider by Supsystic allows Stored XSS.This issue affects Slider by Supsystic: from n/a through 1.8.10. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Supsystic Slider de Supsystic permite XSS almacenado. Este problema afecta a Slider de Supsystic: desde n/a hasta 1.8.10. The Slider by Supsystic plugin for WordPress is v... • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30237 – WordPress Slider by Supsystic plugin <= 1.8.10 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30237
26 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Supsystic Slider de Supsystic. Este problema afecta a Slider de Supsystic: desde n/a hasta 1.8.10. The Slider by Supsystic plugin for WordPress is vulnerable to SQL Injection in all versions up to... • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29921 – WordPress Photo Gallery by Supsystic plugin <= 1.15.16 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29921
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Photo Gallery by Supsystic allows Stored XSS.This issue affects Photo Gallery by Supsystic: from n/a through 1.15.16. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Supsystic Photo Gallery by Supsystic permite XSS almacenado. Este problema afecta a Supsystic Photo Gallery by Supsystic: desde n/a hasta 1.15.16. The Photo... • https://patchstack.com/database/vulnerability/gallery-by-supsystic/wordpress-photo-gallery-by-supsystic-plugin-1-15-16-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47330 – Broken Access Control vulnerability on multiple WordPress plugins by Supsystic
https://notcve.org/view.php?id=CVE-2024-47330
17 Jan 2024 — Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9. The Slider by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfo... • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6732 – Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-6732
12 Jan 2024 — The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El complemento de WordPress Ultimate Maps by Supsystic anterior a 1.2.16 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting incluso cuando u... • https://wpscan.com/vulnerability/aaf91707-f03b-4f25-bca9-9fac4945002a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5756 – Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX action
https://notcve.org/view.php?id=CVE-2023-5756
08 Dec 2023 — The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Digital Publications by Supsystic para WordPress es vulnerable a Cross-Site ... • https://plugins.trac.wordpress.org/browser/digital-publications-by-supsystic/trunk/classes/frame.php#L144 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49191 – WordPress GDPR Cookie Consent by Supsystic Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49191
29 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ("Cross-site Scripting") en Supsystic GDPR Cookie Consent by Supsystic permite almacenar XSS. Este problema afecta a GDPR Cookie Consent by Supsystic: desde n/a hasta 2.1.2. ... • https://patchstack.com/database/vulnerability/gdpr-compliance-by-supsystic/wordpress-gdpr-cookie-consent-by-supsystic-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 25%CPEs: 1EXPL: 1CVE-2023-46197 – WordPress Popup by Supsystic plugin <= 1.10.19 - Unauthenticated Subscriber Email Addresses Disclosure
https://notcve.org/view.php?id=CVE-2023-46197
18 Oct 2023 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19. Limitación incorrecta de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") en supsystic.Com Popup de Supsystic permite un path traversal relativa. Este problema afecta a Popup de Supsystic: desde n/a hasta 1.10.19. The Popup by Supsystic plugin for Word... • https://github.com/RandomRobbieBF/CVE-2023-46197 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •