33 matches found
Supsystic Contact Form Wordpress Plugin SSTI RCE
This module performs SSTI achieving RCE in webpages containing the Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and before. Module Options msf use exploit/multi/http/wppluginsupsysticcontactformrce msf exploitwppluginsupsysticcontactformrce show targets ...targets... msf...
📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection
This Metasploit module is for WordPress Supsystic Contact Form plugin versions 1.7.36 and below. The plugin suffers from a server-side template injection vulnerability that allows for remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection
Proof of concept code execution exploit for a server-side template injection vulnerability in WordPress Supsystic Contact Form plugin versions 1.7.36 and below Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage:...
WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI Date: 3/30/2026 Exploit Author: bootstrapbool Vendor Homepage: https://supsystic.com/plugins/contact-form-plugin/ Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: str: try: res = requests.geturl...
📄 Contact Form by Supsystic 1.7.36 Server-Side Template Injection
Contact Form by Supsystic versions 1.7.36 and below server-side template injection exploit that achieves remote code execution. import requests import argparse import re import urllib.parse def checksstiurl, fieldname: printf" Testing SSTI on url with field fieldname..." Simple arithmetic test...
EUVD-2026-17239
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...
CVE-2026-4257 Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...
CVE-2026-4257 Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...
CVE-2023-45068
Cross-Site Request Forgery CSRF vulnerability in Supsystic Contact Form by Supsystic plugin = 1.7.27 versions...
EUVD-2025-35482
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through = 1.7.35...
CVE-2025-52753
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through = 1.7.36...
CVE-2025-52753 WordPress Contact Form by Supsystic plugin <= 1.7.36 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through = 1.7.36...
WordPress plugin Contact Form by Supsystic 跨站脚本漏洞
WordPress Contact Form by Supsystic plugin is a WordPress plugin for creating contact forms with drag-and-drop editing support that can be used without programming basics. The WordPress Contact Form by Supsystic plugin suffers from a cross-site scripting vulnerability that stems from the...
PT-2025-43240
Name of the Vulnerable Software and Affected Versions supsystic Contact Form versions through 1.7.35 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Reflected Cross-site Scripting XSS. This allows attackers to...
EUVD-2024-42914
Malicious code in bioql PyPI...
EUVD-2023-49389
Malicious code in bioql PyPI...
EUVD-2024-42918
Malicious code in bioql PyPI...
CVE-2024-48042
Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through = 1.7.28...
CVE-2024-48046
CVE-2024-48046 refers to a Stored XSS vulnerability in WordPress plugin Contact Form by Supsystic (Supsystic Contact Form). Affected versions are 1.7.28 and earlier; the issue arises from Improper Neutralization of Input During Web Page Generation (XSS). The vulnerability can lead to stored cross...
PT-2024-32965 · Supsystic · Contact Form By Supsystic
Name of the Vulnerable Software and Affected Versions: Contact Form by Supsystic versions 1.7.28 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendation...