14 matches found
CVE-2020-37243 WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...
CVE-2020-37243
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...
CVE-2020-37243 WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...
CVE-2020-37243
Affected product: WordPress plugin Supsystic Pricing Table 1.8.7. Vulnerabilities: SQL injection in the GET parameter ‘sidx’ via the getListForTbl action; stored cross-site scripting in the ‘Edit name’ and ‘Edit HTML’ fields that execute scripts when viewing pricing tables. Impact: unauthenticate...
WordPress plugin Supsystic Pricing Table SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-41443
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...
EUVD-2024-30576
Malicious code in bioql PyPI...
CVE-2024-32790
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection.This issue affects Pricing Table by Supsystic: from n/a through 1.9.12...
CVE-2024-32790
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection.This issue affects Pricing Table by Supsystic: from n/a through 1.9.12...
CVE-2021-46782
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...
Pricing Table by Supsystic < 1.9.0 - Authenticated Stored Cross-Site Scripting
The label and datahtml POST parameter are not properly sanitised and escaped before being saved and output back in the page, leading to stored Cross-Site Scripting issues v alert1alert1 instead of the one above v 1.9.0, the edit HTML feature was removed client side but a crafted request could sti...
WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities
Exploit Title: WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/pricing-table-by-supsystic.1.8.7.zip Version: 1.8.7 and 1.8.6...
CVE-2020-9393
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS...
Pricing Table by Supsystic < 1.8.2 - Unauthenticated Stored XSS
No permission check on the ImportJSONTable endpoint allows for malicious javascript to be injected by unauthenticated users. PoC...