CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22714 – WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22714
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. The Coming Soon by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that function, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/coming-soon-by-supsystic/wordpress-coming-soon-by-supsystic-plugin-1-7-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2384 – Digital Publications by Supsystic < 1.7.4 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2384
The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Digital Publications by Supsystic de WordPress versiones anteriores a 1.7.4 no sanea ni escapa de su configuración, lo que permite a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permitida. • https://wpscan.com/vulnerability/0917b964-f347-487e-b8d7-c4f09c290fe5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2114 – Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2114
The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) El plugin Data Tables Generator by Supsystic de WordPress versiones anteriores a 1.10.20, no sanea ni escapa de algunos de sus ajustes de tabla, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting cuando la capacidad unfiltered_html no está permitida (por ejemplo, en una configuración multisitio) • https://wpscan.com/vulnerability/59911ba4-fa06-498a-9e7c-0c337cce691c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20065 – Supsystic Popup Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2017-20065
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • http://seclists.org/fulldisclosure/2017/Feb/97 https://map.httpcs.com/alert/284665 https://vuldb.com/?id.97385 https://www.exploit-db.com/exploits/41485 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36891 – WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change
https://notcve.org/view.php?id=CVE-2021-36891
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Photo Gallery by Supsystic versiones anteriores a 1.15.5 incluyéndola, en WordPress que permite cambiar la configuración del plugin • https://patchstack.com/database/vulnerability/gallery-by-supsystic/wordpress-photo-gallery-by-supsystic-plugin-1-15-5-cross-site-request-forgery-csrf-leading-to-plugin-settings-change https://wordpress.org/plugins/gallery-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •