Vulnerabilities > Supsystic

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-47330 Missing Authorization vulnerability in Supsystic Slider and Social Share Buttons
Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.
network
low complexity
supsystic CWE-862
8.8
2024-07-02 CVE-2024-5219 Cross-site Scripting vulnerability in Supsystic Easy Google Maps
The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping.
network
low complexity
supsystic CWE-79
5.4
2024-01-16 CVE-2023-6732 Cross-site Scripting vulnerability in Supsystic Ultimate Maps
The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
network
low complexity
supsystic CWE-79
4.8
2023-12-15 CVE-2023-49191 Cross-site Scripting vulnerability in Supsystic Gdpr Cookie Consent
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic GDPR Cookie Consent by Supsystic allows Stored XSS.This issue affects GDPR Cookie Consent by Supsystic: from n/a through 2.1.2.
network
low complexity
supsystic CWE-79
4.8
2023-12-09 CVE-2023-5756 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications BY Supsystic
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6.
network
low complexity
supsystic CWE-352
8.8
2023-10-12 CVE-2023-45068 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.
network
low complexity
supsystic CWE-352
8.8
2023-07-17 CVE-2023-3186 Unspecified vulnerability in Supsystic Popup
The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.
network
low complexity
supsystic
critical
9.8
2023-06-09 CVE-2023-2526 Unspecified vulnerability in Supsystic Easy Google Maps
The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7.
network
low complexity
supsystic
5.4
2023-05-28 CVE-2023-33926 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions.
network
low complexity
supsystic CWE-352
8.8
2023-05-22 CVE-2023-22714 Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions.
network
low complexity
supsystic CWE-352
8.8