Supsystic

All CVEs

31 total · sorted by risk
  • CVE-2024-52434 · Critical · Nov 18, 2024
    risk 0.59 · cvss 9.1 · epss 0.01

    Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection. This issue affects Popup by Supsystic: from n/a through <= 1.10.29.

  • CVE-2020-37243 · High · May 16, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the…

  • CVE-2020-37242 · High · May 16, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with…

  • CVE-2020-37245 · High · May 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication…

  • CVE-2024-32583 · High · Apr 18, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.

  • CVE-2025-32138 · Medium · Apr 4, 2025
    risk 0.43 · cvss 6.6 · epss 0.00

    Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps google-maps-easy allows XML Injection. This issue affects Easy Google Maps: from n/a through <= 1.11.18.

  • CVE-2025-11185 · Medium · Feb 18, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-29921 · Medium · Mar 27, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Photo Gallery by Supsystic gallery-by-supsystic. This issue affects Photo Gallery by Supsystic: from n/a through <= 1.15.16.

  • CVE-2023-49191 · Medium · Dec 15, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS. This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.

  • CVE-2023-46197 · Medium · May 17, 2024
    risk 0.36 · cvss 5.3 · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal. This issue affects Popup by Supsystic: from n/a through 1.10.19.

  • CVE-2024-2296 · Medium · Apr 6, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-5219 · Medium · Jul 2, 2024
    risk 0.35 · cvss 6.4 · epss 0.00

    The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-4035 · Medium · Apr 25, 2024
    risk 0.35 · cvss 6.4 · epss 0.00

    The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2023-5756 · Medium · Dec 9, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers…

  • CVE-2023-2528 · Medium · May 17, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to…

  • CVE-2023-39997 · Medium · Dec 13, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through 1.10.19.

  • CVE-2023-51353 · Medium · Dec 9, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through <= 1.10.19.

  • CVE-2024-4100 · Medium · Jul 9, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety…

  • CVE-2024-31421 · Medium · Apr 15, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic. This issue affects Popup by Supsystic: from n/a through <= 1.10.27.

  • CVE-2024-31269 · Medium · Apr 12, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through 1.11.11.

  • CVE-2023-2526 · Medium · Jun 9, 2023
    risk 0.28 · cvss 5.4 · epss 0.00

    The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX…

  • CVE-2022-0424 · May 9, 2022
    risk 0.03 · cvss n/a · epss 0.03

    The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users.

  • CVE-2021-24275 · May 5, 2021
    risk 0.03 · cvss n/a · epss 0.18

    The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.

  • CVE-2024-47330 · Sep 26, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.

  • CVE-2023-3186 · Jul 17, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.

  • CVE-2023-33926 · May 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions.

  • CVE-2022-2384 · Aug 15, 2022
    risk 0.00 · cvss n/a · epss 0.00

    The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • CVE-2022-27235 · Jul 22, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.

  • CVE-2022-33960 · Jul 22, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.

  • CVE-2021-36890 · May 31, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.

  • CVE-2016-10915 · Aug 20, 2019
    risk 0.00 · cvss n/a · epss 0.01

    The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.