CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10915 – Popup by Supsystic < 1.7.9 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10915
07 Sep 2016 — The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. El plugin popup-by-supsystic versiones anteriores a 1.7.9 para WordPress, presenta una vulnerabilidad de tipo CSRF. • https://wordpress.org/plugins/popup-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10918 – Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10918
15 Aug 2016 — The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. El plugin gallery-by-supsystic versiones anteriores a 1.8.6 para WordPress, presenta una vulnerabilidad de tipo CSRF. The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. This is due to missing or incorrect nonce validation on the 'updateAttachment' action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged req... • https://wordpress.org/plugins/gallery-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •