CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30448 – WordPress Slider by Supsystic plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30448
28 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Slider by Supsystic allows Stored XSS.This issue affects Slider by Supsystic: from n/a through 1.8.10. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Supsystic Slider de Supsystic permite XSS almacenado. Este problema afecta a Slider de Supsystic: desde n/a hasta 1.8.10. The Slider by Supsystic plugin for WordPress is v... • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30237 – WordPress Slider by Supsystic plugin <= 1.8.10 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30237
26 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Supsystic Slider de Supsystic. Este problema afecta a Slider de Supsystic: desde n/a hasta 1.8.10. The Slider by Supsystic plugin for WordPress is vulnerable to SQL Injection in all versions up to... • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-10-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47330 – Broken Access Control vulnerability on multiple WordPress plugins by Supsystic
https://notcve.org/view.php?id=CVE-2024-47330
17 Jan 2024 — Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9. The Slider by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfo... • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •