Supsystic

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-39997 1Supsystic 1Popup Apr 28, 2026 Dec 13, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.
CVE-2023-51353 1Supsystic 1Popup Apr 29, 2026 Dec 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through <= 1....Show more Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through <= 1.10.19.Show less
CVE-2024-52434 1Supsystic 1Popup Apr 23, 2026 Nov 18, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29.
CVE-2024-47330 1Supsystic 2Slider Social Share Buttons Oct 2, 2024 Sep 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/...Show more Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.Show less
CVE-2024-5219 1Supsystic 1Easy Google Maps Apr 8, 2026 Jul 2, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output...Show more The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-46197 1Supsystic 1Popup Apr 28, 2026 May 17, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10...Show more Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.Show less
CVE-2024-31421 1Supsystic 1Popup Apr 23, 2026 Apr 15, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.This issue affects Popup by Supsystic: from n/a through <= 1.10.27.
CVE-2024-31269 1Supsystic 1Easy Google Maps Apr 28, 2026 Apr 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11.
CVE-2024-29921 1Supsystic 1Photo Gallery Apr 23, 2026 Mar 27, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Photo Gallery by Supsystic gallery-by-supsystic.This issue affects Photo Gallery by Supsystic: from n/a thro...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Photo Gallery by Supsystic gallery-by-supsystic.This issue affects Photo Gallery by Supsystic: from n/a through <= 1.15.16.Show less
CVE-2023-6732 1Supsystic 1Ultimate Maps Jun 2, 2025 Jan 16, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfi...Show more The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedShow less
CVE-2023-49191 1Supsystic 1Gdpr Cookie Consent Apr 28, 2026 Dec 15, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.Show less
CVE-2023-5756 1Supsystic 1Digital Publications By Supsystic Apr 8, 2026 Dec 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action hand...Show more The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-45068 1Supsystic 1Contact Form Nov 21, 2024 Oct 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.
CVE-2023-3186 1Supsystic 1Popup Nov 21, 2024 Jul 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.
CVE-2023-2526 1Supsystic 1Easy Google Maps Apr 8, 2026 Jun 9, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes...Show more The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to executes AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2024-31269 appears to be a duplicate of this issue.Show less
CVE-2023-33926 1Supsystic 1Easy Google Maps Nov 21, 2024 May 28, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions.
CVE-2023-22714 1Supsystic 1Coming Soon Nov 21, 2024 May 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions.
CVE-2023-2528 1Supsystic 1Contact Form Apr 8, 2026 May 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. Th...Show more The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-47155 1Supsystic 1Slider Nov 21, 2024 Mar 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions.
CVE-2022-2384 1Supsystic 1Digital Publications By Supsystic Nov 21, 2024 Aug 15, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_...Show more The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.Show less

12 3 Next