CVE-2024-32829 – WordPress Data Tables Generator by Supsystic plugin <= 1.10.31 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32829
Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31. Vulnerabilidad de autorización faltante en Supsystic Data Tables Generator de Supsystic. Este problema afecta al Data Tables Generator de Supsystic: desde n/a hasta 1.10.31. The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions. • https://patchstack.com/database/vulnerability/data-tables-generator-by-supsystic/wordpress-data-tables-generator-by-supsystic-plugin-1-10-31-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-32089 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32089
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Digital Publications by Supsystic. Este problema afecta las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.7. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-31421 – WordPress Popup by Supsystic plugin <= 1.10.27 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31421
Missing Authorization vulnerability in Supsystic Popup by Supsystic.This issue affects Popup by Supsystic: from n/a through 1.10.27. Vulnerabilidad de autorización faltante en Supsystic Popup de Supsystic. Este problema afecta a Popup de Supsystic: desde n/a hasta 1.10.27. The Popup by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.10.27. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-27-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-31271 – WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2024-31271
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Ultimate Maps de Supsystic. Este problema afecta a Ultimate Maps de Supsystic: desde n/a hasta 1.2.16. The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/ultimate-maps-by-supsystic/wordpress-ultimate-maps-plugin-1-2-16-cross-site-request-forgery-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-30448 – WordPress Slider by Supsystic plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30448
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Slider by Supsystic allows Stored XSS.This issue affects Slider by Supsystic: from n/a through 1.8.10. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Supsystic Slider de Supsystic permite XSS almacenado. Este problema afecta a Slider de Supsystic: desde n/a hasta 1.8.10. The Slider by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •