Supsystic
Products
10- 9 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
31| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52434 | Cri | 0.59 | 9.1 | 0.01 | Nov 18, 2024 | Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29. | ||
| CVE-2020-37243 | Hig | 0.53 | 8.2 | 0.00 | May 16, 2026 | Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the… | ||
| CVE-2020-37242 | Hig | 0.53 | 8.2 | 0.00 | May 16, 2026 | Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with… | ||
| CVE-2020-37245 | Hig | 0.49 | 7.5 | 0.01 | May 16, 2026 | Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication… | ||
| CVE-2024-32583 | Hig | 0.46 | 7.1 | 0.00 | Apr 18, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21. | ||
| CVE-2025-32138 | Med | 0.43 | 6.6 | 0.00 | Apr 4, 2025 | Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps google-maps-easy allows XML Injection.This issue affects Easy Google Maps: from n/a through <= 1.11.18. | ||
| CVE-2025-11185 | Med | 0.42 | 6.4 | 0.00 | Feb 18, 2026 | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied… | ||
| CVE-2024-29921 | Med | 0.38 | 5.9 | 0.00 | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Photo Gallery by Supsystic gallery-by-supsystic.This issue affects Photo Gallery by Supsystic: from n/a through <= 1.15.16. | ||
| CVE-2023-49191 | Med | 0.38 | 5.9 | 0.00 | Dec 15, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2. | ||
| CVE-2023-46197 | Med | 0.36 | 5.3 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19. | ||
| CVE-2024-2296 | Med | 0.36 | 5.5 | 0.00 | Apr 6, 2024 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-5219 | Med | 0.35 | 6.4 | 0.00 | Jul 2, 2024 | The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-4035 | Med | 0.35 | 6.4 | 0.00 | Apr 25, 2024 | The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2023-5756 | Med | 0.35 | 5.4 | 0.00 | Dec 9, 2023 | The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers… | ||
| CVE-2023-2528 | Med | 0.35 | 5.4 | 0.00 | May 17, 2023 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to… | ||
| CVE-2023-39997 | Med | 0.34 | 5.3 | 0.01 | Dec 13, 2024 | Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19. | ||
| CVE-2023-51353 | Med | 0.34 | 5.3 | 0.01 | Dec 9, 2024 | Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through <= 1.10.19. | ||
| CVE-2024-4100 | Med | 0.34 | 5.3 | 0.00 | Jul 9, 2024 | The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety… | ||
| CVE-2024-31421 | Med | 0.28 | 4.3 | 0.00 | Apr 15, 2024 | Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.This issue affects Popup by Supsystic: from n/a through <= 1.10.27. | ||
| CVE-2024-31269 | Med | 0.28 | 4.3 | 0.00 | Apr 12, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11. |
- risk 0.59cvss 9.1epss 0.01
Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29.
- risk 0.53cvss 8.2epss 0.00
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the…
- risk 0.53cvss 8.2epss 0.00
Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with…
- risk 0.49cvss 7.5epss 0.01
Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.
- risk 0.43cvss 6.6epss 0.00
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps google-maps-easy allows XML Injection.This issue affects Easy Google Maps: from n/a through <= 1.11.18.
- risk 0.42cvss 6.4epss 0.00
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied…
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Photo Gallery by Supsystic gallery-by-supsystic.This issue affects Photo Gallery by Supsystic: from n/a through <= 1.15.16.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.
- risk 0.36cvss 5.3epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.
- risk 0.36cvss 5.5epss 0.00
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.35cvss 6.4epss 0.00
The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.35cvss 6.4epss 0.00
The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.35cvss 5.4epss 0.00
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers…
- risk 0.35cvss 5.4epss 0.00
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to…
- risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.
- risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through <= 1.10.19.
- risk 0.34cvss 5.3epss 0.00
The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.This issue affects Popup by Supsystic: from n/a through <= 1.10.27.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11.