
CVE-2021-24276 – Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24276
19 Apr 2021 — The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. WordPress Contact Form plugin version 1.7.14 suffers from a cross site scriptin... • https://packetstorm.news/files/id/164308 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24274 – Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24274
19 Apr 2021 — The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scriptin... • https://packetstorm.news/files/id/164316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24275 – Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24275
19 Apr 2021 — The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. WordPress Popup plugin version 1.10.4 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/164311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-12076 – Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-12076
24 Mar 2020 — The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS. • https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-the-data-tables-generator-by-supsystic-plugin • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-12075 – Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2020-12075
23 Mar 2020 — The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. • https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-the-data-tables-generator-by-supsystic-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-276: Incorrect Default Permissions

CVE-2020-9393 – Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-9393
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-9394 – Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
https://notcve.org/view.php?id=CVE-2020-9394
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-9392 – Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2020-9392
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. • https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin • CWE-276: Incorrect Default Permissions • CWE-862: Missing Authorization

CVE-2017-18512 – Newsletter by Supsystic < 1.1.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-18512
25 May 2017 — The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. • https://wordpress.org/plugins/newsletter-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2016-10915 – Popup by Supsystic < 1.7.9 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10915
07 Sep 2016 — The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. • https://wordpress.org/plugins/popup-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF)