
CVE-2022-2114 – Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2114
22 Jun 2022 — The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup). • https://wpscan.com/vulnerability/59911ba4-fa06-498a-9e7c-0c337cce691c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-20065 – Supsystic Popup Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2017-20065
20 Jun 2022 — A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • http://seclists.org/fulldisclosure/2017/Feb/97 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-36891 – WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change
https://notcve.org/view.php?id=CVE-2021-36891
15 Jun 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 for WordPress allows changing the plugin settings. • https://patchstack.com/database/vulnerability/gallery-by-supsystic/wordpress-photo-gallery-by-supsystic-plugin-1-15-5-cross-site-request-forgery-csrf-leading-to-plugin-settings-change • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2022-27235 – WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities
https://notcve.org/view.php?id=CVE-2022-27235
09 Jun 2022 — Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 for WordPress. The Social Share Buttons by Supsystic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various functions in versions up to, and including, 2.2.3. This makes it possible for authenticated attackers with subscrib... • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-broken-access-control-vulnerabilities • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization

CVE-2022-33960 – WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-33960
09 Jun 2022 — Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 for WordPress. The Social Share Buttons by Supsystic plugin for WordPress is vulnerable to SQL Injection via several unknown parameters in versions up to, and inc... • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-3-multiple-authenticated-sql-injection-sqli-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-1653 – Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
https://notcve.org/view.php?id=CVE-2022-1653
01 Jun 2022 — The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its AJAX endpoints and admin pages, allowing an attacker to trick any logged-in user into manipulating or changing the plugin settings, as well as creating, deleting and renaming projects and networks. • https://wpscan.com/vulnerability/52eff451-8ce3-4ac4-b530-3196aa82db48 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-36890 – WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2021-36890
27 May 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 for WordPress. Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.3 for WordPress. • https://patchstack.com/database/vulnerability/social-share-buttons-by-supsystic/wordpress-social-share-buttons-by-supsystic-plugin-2-2-2-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2022-0424 – Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure
https://notcve.org/view.php?id=CVE-2022-0424
18 Apr 2022 — The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users. • https://wpscan.com/vulnerability/1e4593fd-51e5-43ca-a244-9aaef3804b9f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-306: Missing Authentication for Critical Function

CVE-2021-46780 – Easy Google Maps < 1.9.32 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-46780
09 Apr 2022 — The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting. • https://wpscan.com/vulnerability/cba4ccdd-9331-4ca0-b910-8f427ed9b540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-46782 – Pricing Table by Supsystic < 1.9.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-46782
09 Apr 2022 — The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting. • https://wpscan.com/vulnerability/39e69487-aa53-4b78-a422-12515a6449bf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')