96 matches found

Nuclei
added 3 days ago, 9 views

WordPress Contact Form by Supsystic - Server-Side Template Injection

Contact Form by Supsystic WordPress plugin <= 1.7.36 contains a server-side template injection caused by unsandboxed TwigLoaderString and cfsPreFill functionality, letting unauthenticated attackers execute arbitrary code remotely via GET parameters. id: CVE-2026-4257 info: name: WordPress Contact...

9.8 CVSS, 6.2 AI score, 0.86695 EPSS
Exploits: 7, References: 3
RedhatCVE
added 2026/05/18 1:58 p.m., 4 views

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

8.8 CVSS, 6.2 AI score, 0.00086 EPSS
Exploits: 0, References: 1
Patchstack
added 2026/03/31 6:45 a.m., 3 views

WordPress Contact Form by Supsystic plugin <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality vulnerability

Unauthenticated Server-Side Template Injection via Prefill Functionality vulnerability discovered by kiseki - Heroes Cyber Security in WordPress Plugin Contact Form by Supsystic versions <= 1.7.36...

9.8 CVSS, 5.9 AI score, 0.86695 EPSS
Exploits: 7, References: 1, Affected Software: 1
NVD
added 2026/03/30 10:16 p.m., 2 views

CVE-2026-4257

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

9.8 CVSS, 0.86695 EPSS
Exploits: 7, References: 3
CNNVD
added 2026/03/30 12:0 a.m., 5 views

WordPress plugin Contact Form by Supsystic code injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8 CVSS, 6.3 AI score, 0.86695 EPSS
Exploits: 7, References: 5
Positive Technologies
added 2026/03/30 12:0 a.m., 2 views

PT-2026-29130

Name of the Vulnerable Software and Affected Versions: Contact Form by Supsystic plugin for WordPress versions up to and including 1.7.36. Description: The Contact Form by Supsystic plugin for WordPress is susceptible to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution RC...

9.8 CVSS, 6.2 AI score, 0.86695 EPSS
Exploits: 7, References: 14
CNVD
added 2025/11/18 12:0 a.m., 2 views

WordPress Data Tables Generator by Supsystic plugin Arbitrary File Deletion Vulnerability

The WordPress Data Tables Generator by Supsystic plugin is a WordPress plugin for creating interactive tables and charts that support data visualization and dynamic content presentation. The WordPress Data Tables Generator by Supsystic plugin has an arbitrary file deletion vulnerability that stems from...

6.5 CVSS, 6.7 AI score, 0.0187 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/11/13 3:27 a.m., 3 views

CVE-2025-12089 Data Tables Generator by Supsystic <= 1.10.45 - Authenticated (Admin+) Arbitrary File Deletion

The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cleanCache function in all versions up to, and including, 1.10.45. This makes it possible for authenticated attackers, with Administrator-level acce...

6.5 CVSS, 6.9 AI score, 0.0187 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/11/13 3:27 a.m., 4 views

CVE-2025-12089 Data Tables Generator by Supsystic <= 1.10.45 - Authenticated (Admin+) Arbitrary File Deletion

The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cleanCache function in all versions up to, and including, 1.10.45. This makes it possible for authenticated attackers, with Administrator-level acce...

6.5 CVSS, 0.0187 EPSS
Exploits: 0, References: 2
Patchstack
added 2025/11/12 11:20 p.m., 6 views

WordPress Data Tables Generator by Supsystic plugin <= 1.10.45 - Authenticated (Admin+) Arbitrary File Deletion vulnerability

Authenticated (Admin+) Arbitrary File Deletion vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Data Tables Generator by Supsystic versions <= 1.10.45...

6.5 CVSS, 6.7 AI score, 0.0187 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNVD
added 2025/10/24 12:0 a.m., 1 views

WordPress Contact Form by Supsystic plugin cross-site scripting vulnerability

WordPress Contact Form by Supsystic plugin is a WordPress plugin for creating contact forms with drag-and-drop editing support that can be used without programming basics. The WordPress Contact Form by Supsystic plugin suffers from a cross-site scripting vulnerability that stems from the...

7.1 CVSS, 6.1 AI score, 0.00075 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/10/22 2:32 p.m., 1 views

CVE-2025-52753 WordPress Contact Form by Supsystic plugin <= 1.7.36 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS. This issue affects Contact Form by Supsystic: from n/a through <= 1.7.36...

7.1 CVSS, 5.2 AI score, 0.00075 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-11189

Malware in sbrugna...

6.1 CVSS, 6.2 AI score, 0.05897 EPSS
Exploits: 5, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-1912

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.00109 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-23466

Malware in sbrugna...

4.3 CVSS, 4.8 AI score, 0.00103 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-54427

Malicious code in bioql PyPI...

6.1 CVSS, 7.1 AI score, 0.00509 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-36996

Malicious code in bioql PyPI...

8.8 CVSS, 6.6 AI score, 0.00663 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-31744

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.00648 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-33438

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.0021 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-34008

Malicious code in bioql PyPI...

8.8 CVSS, 9.1 AI score, 0.00203 EPSS
Exploits: 0, References: 3