
CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Aug 2023 — Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through 1.10.19. The Popup by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.19. This is due to missing or incorrect nonce validation for a subset of actions on the 'havePermissions' function. This makes it possible for unauthenticated attackers to perf... • https://patchstack.com/database/wordpress/plugin/popup-by-supsystic/vulnerability/wordpress-popup-by-supsystic-plugin-1-10-19-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization

CVSS: 10.0 • EPSS: 5% • CPEs: 1 • EXPL: 1

23 Jun 2023 — The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. The plugin Popup by Supsystic for WordPress is vulnerable to prototype pollution, which could make injecting malicious web scripts possible in some cases. • https://wpscan.com/vulnerability/545007fc-3173-47b1-82c4-ed3fd1247b9c • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions. The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to call that function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is ... • https://patchstack.com/database/vulnerability/google-maps-easy/wordpress-easy-google-maps-plugin-1-11-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 May 2023 — The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/google-maps-easy/trunk/classes/frame.php?rev=2777743#L246 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 May 2023 — The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/contact-form-by-supsystic/trunk/classes/frame.php?rev=2777737#L297 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Mar 2023 — Incorrect Authorization vulnerability in Supsystic Data Tables Generator. This issue affects Data Tables Generator: from n/a through 1.10.25. The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to the plugin making nonces available to insufficiently privileged users in the loadDataT... • https://patchstack.com/database/vulnerability/data-tables-generator-by-supsystic/wordpress-data-tables-generator-by-supsystic-plugin-1-10-25-broken-acces-control-vulnerability?_s_id=cve-2023-25043 • CWE-862: Missing Authorization • CWE-863: Incorrect Authorization

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions. The Slider by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke the function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cr... • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-4-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. The Coming Soon by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that function via a forged request granted they can trick a site administrator into performing an action such as clicking o... • https://patchstack.com/database/vulnerability/coming-soon-by-supsystic/wordpress-coming-soon-by-supsystic-plugin-1-7-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Jul 2022 — The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://wpscan.com/vulnerability/0917b964-f347-487e-b8d7-c4f09c290fe5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Jun 2022 — The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/59911ba4-fa06-498a-9e7c-0c337cce691c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')