Supsystic

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-33960 1Supsystic 1Social Share Buttons Nov 21, 2024 Jul 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
CVE-2022-27235 1Supsystic 1Social Share Buttons Nov 21, 2024 Jul 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
CVE-2022-2114 1Supsystic 1Data Tables Generator Nov 21, 2024 Jul 17, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...Show more The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2022-1653 1Supsystic 1Social Share Buttons Nov 21, 2024 Jun 27, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin...Show more The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.Show less
CVE-2017-20065 1Supsystic 1Popup Nov 21, 2024 Jun 20, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remot...Show more A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2021-36891 1Supsystic 1Photo Gallery Nov 21, 2024 Jun 15, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings.
CVE-2021-36890 1Supsystic 1Social Share Buttons Nov 21, 2024 Jun 2, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.
CVE-2022-0424 1Supsystic 1Popup Nov 21, 2024 May 9, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
CVE-2021-46782 1Supsystic 1Price Table Nov 21, 2024 Apr 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-46780 1Supsystic 1Easy Google Maps Nov 21, 2024 Apr 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-39346 1Supsystic 1Easy Google Maps Nov 21, 2024 Nov 1, 2021 N/A· v4 4.8 MEDIUM· v3 2.1 LOW· v2 The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarker...Show more The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.Show less
CVE-2021-24276 1Supsystic 1Contact Form Nov 21, 2024 May 5, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
CVE-2021-24275 1Supsystic 1Popup Nov 21, 2024 May 5, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
CVE-2021-24274 1Supsystic 1Ultimate Maps Nov 21, 2024 May 5, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
CVE-2020-12076 1Supsystic 1Data Tables Generator Nov 21, 2024 Apr 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.
CVE-2020-12075 1Supsystic 1Data Tables Generator Nov 21, 2024 Apr 23, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.
CVE-2020-9392 1Supsystic 1Pricing Table By Supsystic Nov 21, 2024 Mar 23, 2020 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated u...Show more An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.Show less
CVE-2020-9394 1Supsystic 1Pricing Table By Supsystic Nov 21, 2024 Feb 25, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
CVE-2020-9393 1Supsystic 1Pricing Table By Supsystic Nov 21, 2024 Feb 25, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
CVE-2016-10918 1Supsystic 1Photo Gallery Nov 21, 2024 Aug 22, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.

Previous 123 Next