Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
supsystic vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-18512
The newsletter-by-supsystic plugin prior to 1.1.8 for WordPress has CSRF.
Supsystic Newsletter By Supsystic
7.5
CVSSv2
CVE-2020-9392
An issue exists in the pricing-table-by-supsystic plugin prior to 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or...
Supsystic Pricing Table By Supsystic
6.8
CVSSv2
CVE-2020-9394
An issue exists in the pricing-table-by-supsystic plugin prior to 1.8.2 for WordPress. It allows CSRF.
Supsystic Pricing Table By Supsystic
NA
CVE-2022-2384
The Digital Publications by Supsystic WordPress plugin prior to 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Supsystic Digital Publications By Supsystic
4.3
CVSSv2
CVE-2020-9393
An issue exists in the pricing-table-by-supsystic plugin prior to 1.8.2 for WordPress. It allows XSS.
Supsystic Pricing Table By Supsystic
NA
CVE-2023-5756
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated malicious us...
Supsystic Digital Publications By Supsystic
4.3
CVSSv2
CVE-2021-24275
The Popup by Supsystic WordPress plugin prior to 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Supsystic Popup
5
CVSSv2
CVE-2022-0424
The Popup by Supsystic WordPress plugin prior to 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated malicious users to call it and get the email addresses of subscribed users
Supsystic Popup
NA
CVE-2023-3186
The Popup by Supsystic WordPress plugin prior to 1.10.19 has a prototype pollution vulnerability that could allow an malicious user to inject arbitrary properties into Object.prototype.
Supsystic Popup
NA
CVE-2022-47155
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions.
Supsystic Slider
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »