CVE-2024-32790 – WordPress Pricing Table by Supsystic plugin <= 1.9.12 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32790
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection.This issue affects Pricing Table by Supsystic: from n/a through 1.9.12. La neutralización incorrecta de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Supsystic Pricing Table de Supsystic permite la inyección de código. Este problema afecta a Pricing Table de Supsystic: desde n/a hasta 1.9.12. The Pricing Table by Supsystic plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with admin-level access and above, to inject arbitrary content. • https://patchstack.com/database/vulnerability/pricing-table-by-supsystic/wordpress-pricing-table-by-supsystic-plugin-1-9-12-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2020-9394 – Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
https://notcve.org/view.php?id=CVE-2020-9394
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. Se detectó un problema en el plugin pricing-table-by-supsystic versiones anteriores a 1.8.2 para WordPress. Permite un ataque de tipo CSRF. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-9392 – Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2020-9392
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. Se detectó un problema en el plugin pricing-table-by-supsystic versiones anteriores a 1.8.2 para WordPress. Debido a que no presenta comprobación de permisos en los endpoints ImportJSONTable, createFromTpl y getJSONExportTable, los usuarios no autenticados pueden recuperar información de la tabla de precios, crear nuevas tablas o importar y modificar una tabla. • https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin • CWE-276: Incorrect Default Permissions CWE-862: Missing Authorization •
CVE-2020-9393 – Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-9393
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. Se detectó un problema en el plugin pricing-table-by-supsystic versiones anteriores a 1.8.2 para WordPress. Permite un ataque de tipo XSS. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •