
CVE-2024-32790 – WordPress Pricing Table by Supsystic plugin <= 1.9.12 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32790
22 Apr 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection. This issue affects Pricing Table by Supsystic: from n/a through 1.9.12. The Pricing Table ... • https://patchstack.com/database/vulnerability/pricing-table-by-supsystic/wordpress-pricing-table-by-supsystic-plugin-1-9-12-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVE-2020-9392 – Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions
https://notcve.org/view.php?id=CVE-2020-9392
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. • https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin • CWE-276: Incorrect Default Permissions • CWE-862: Missing Authorization

CVE-2020-9393 – Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-9393
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-9394 – Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
https://notcve.org/view.php?id=CVE-2020-9394
25 Feb 2020 — An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. • https://wordpress.org/plugins/pricing-table-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF)