Supsystic

Popup

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-39997

  • EPSS 0.34%
  • Veröffentlicht 13.12.2024 15:15:20
  • Zuletzt bearbeitet 10.03.2025 16:55:47

Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.

9.8

CVE-2023-51353

  • EPSS 0.11%
  • Veröffentlicht 09.12.2024 13:15:39
  • Zuletzt bearbeitet 10.03.2025 17:24:43

Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.

9.1

CVE-2024-52434

  • EPSS 1.4%
  • Veröffentlicht 18.11.2024 15:15:08
  • Zuletzt bearbeitet 20.11.2024 16:04:10

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29.

6.5

CVE-2023-46197

  • EPSS 23.08%
  • Veröffentlicht 17.05.2024 09:15:09
  • Zuletzt bearbeitet 10.03.2025 18:00:30

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.

4.3

CVE-2024-31421

  • EPSS 0.21%
  • Veröffentlicht 15.04.2024 11:15:11
  • Zuletzt bearbeitet 10.03.2025 16:08:34

Missing Authorization vulnerability in Supsystic Popup by Supsystic.This issue affects Popup by Supsystic: from n/a through 1.10.27.

9.8

CVE-2023-3186

Exploit
  • EPSS 4.88%
  • Veröffentlicht 17.07.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 08:16:39

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.

4.3

CVE-2017-20065

Exploit
  • EPSS 0.23%
  • Veröffentlicht 20.06.2022 20:15:07
  • Zuletzt bearbeitet 21.11.2024 03:22:33

A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disc...

5.3

CVE-2022-0424

Exploit
  • EPSS 36.2%
  • Veröffentlicht 09.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:35

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

6.1

CVE-2021-24275

Exploit
  • EPSS 5.9%
  • Veröffentlicht 05.05.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 05:52:44

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

8.8

CVE-2016-10915

  • EPSS 0.11%
  • Veröffentlicht 20.08.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 02:45:03

The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.