Lucene search
+L

33 matches found

Metasploit
Metasploit
added 2026/05/26 7:1 p.m.333 views

Supsystic Contact Form Wordpress Plugin SSTI RCE

This module performs SSTI achieving RCE in webpages containing the Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and before. Module Options msf use exploit/multi/http/wppluginsupsysticcontactformrce msf exploitwppluginsupsysticcontactformrce show targets ...targets... msf...

9.8CVSS5.9AI score0.41475EPSS
Exploits9
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.88 views

📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

This Metasploit module is for WordPress Supsystic Contact Form plugin versions 1.7.36 and below. The plugin suffers from a server-side template injection vulnerability that allows for remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS6.1AI score0.41475EPSS
Exploits9
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.69 views

📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

Proof of concept code execution exploit for a server-side template injection vulnerability in WordPress Supsystic Contact Form plugin versions 1.7.36 and below Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage:...

9.8CVSS6.2AI score0.41475EPSS
Exploits9
Exploit DB
Exploit DB
added 2026/05/14 12:0 a.m.82 views

WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI

Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage: https://supsystic.com/plugins/contact-form-plugin/ Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: str: try: res = requests.geturl...

9.8CVSS5.8AI score0.41475EPSS
Exploits9
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.120 views

📄 Contact Form by Supsystic 1.7.36 Server-Side Template Injection

Contact Form by Supsystic versions 1.7.36 and below server-side template injection exploit that achieves remote code execution. import requests import argparse import re import urllib.parse def checksstiurl, fieldname: printf" Testing SSTI on url with field fieldname..." Simple arithmetic test...

9.8CVSS6.1AI score0.41475EPSS
Exploits9
EUVD
EUVD
added 2026/03/31 12:31 a.m.6 views

EUVD-2026-17239

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

9.8CVSS6.2AI score0.41475EPSS
Exploits9References4
Cvelist
Cvelist
added 2026/03/30 9:26 p.m.101 views

CVE-2026-4257 Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

9.8CVSS0.41475EPSS
Exploits9References3
Vulnrichment
Vulnrichment
added 2026/03/30 9:26 p.m.4 views

CVE-2026-4257 Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

9.8CVSS6.2AI score0.41475EPSS
Exploits9References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.16 views

CVE-2023-45068

Cross-Site Request Forgery CSRF vulnerability in Supsystic Contact Form by Supsystic plugin = 1.7.27 versions...

8.8CVSS7.1AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.6 views

EUVD-2025-35482

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through = 1.7.35...

5.9AI score0.00233EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 3:15 p.m.4 views

CVE-2025-52753

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through = 1.7.36...

7.1CVSS0.00233EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.11 views

CVE-2025-52753 WordPress Contact Form by Supsystic plugin <= 1.7.36 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through = 1.7.36...

7.1CVSS0.00233EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.7 views

WordPress plugin Contact Form by Supsystic 跨站脚本漏洞

WordPress Contact Form by Supsystic plugin is a WordPress plugin for creating contact forms with drag-and-drop editing support that can be used without programming basics. The WordPress Contact Form by Supsystic plugin suffers from a cross-site scripting vulnerability that stems from the...

7.1CVSS5.9AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.6 views

PT-2025-43240

Name of the Vulnerable Software and Affected Versions supsystic Contact Form versions through 1.7.35 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Reflected Cross-site Scripting XSS. This allows attackers to...

7.1CVSS6.2AI score0.00233EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2024-42914

Malicious code in bioql PyPI...

9.1CVSS6.5AI score0.01126EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2023-49389

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-42918

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:33 p.m.16 views

CVE-2024-48042

Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through = 1.7.28...

9.1CVSS5.9AI score0.01126EPSS
Exploits0References1
CVE
CVE
added 2024/10/17 12:19 p.m.46 views

CVE-2024-48046

CVE-2024-48046 refers to a Stored XSS vulnerability in WordPress plugin Contact Form by Supsystic (Supsystic Contact Form). Affected versions are 1.7.28 and earlier; the issue arises from Improper Neutralization of Input During Web Page Generation (XSS). The vulnerability can lead to stored cross...

5.9CVSS5.9AI score0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.4 views

PT-2024-32965 · Supsystic · Contact Form By Supsystic

Name of the Vulnerable Software and Affected Versions: Contact Form by Supsystic versions 1.7.28 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendation...

5.9CVSS5.8AI score0.00249EPSS
Exploits0References3
Rows per page
Query Builder