CVE-2021-24275 – Popup by Supsystic < 1.10.5 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24275
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. WordPress Popup plugin version 1.10.4 suffers from a cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/50346
• http://packetstormsecurity.com/files/164311/WordPress-Popup-1.10.4-Cross-Site-Scripting.html
• https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-12076 – Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-12076
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS. The Data Tables Generator by Supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions.
• https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-the-data-tables-generator-by-supsystic-plugin
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-12075 – Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2020-12075
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.
• https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-the-data-tables-generator-by-supsystic-plugin
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-276: Incorrect Default Permissions
CVE-2020-9394 – Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
https://notcve.org/view.php?id=CVE-2020-9394
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
• https://wordpress.org/plugins/pricing-table-by-supsystic/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-9392 – Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2020-9392
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.
• https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin
• CWE-276: Incorrect Default Permissions
• CWE-862: Missing Authorization