Vulnerabilities and security researches forpopup-by-supsystic popup-by-supsystic

Jun 06, 2024

CVE, Research URL: CVE-2023-46197
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: May 17, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-3186
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: Jul 17, 2023
Research Description: The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24275
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: May 06, 2021
Research Description: The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0424
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: May 09, 2022
Research Description: The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-31421
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: Apr 15, 2024
Research Description: Missing Authorization vulnerability in Supsystic Popup by Supsystic.This issue affects Popup by Supsystic: from n/a through 1.10.27.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2016-10915
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: Aug 20, 2019
Research Description: The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-39997
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.
Affected versions: Min -, max -.
Status: vulnerable

Nov 19, 2024

CVE, Research URL: CVE-2024-52434
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: Nov 18, 2024
Research Description: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29.
Affected versions: Min -, max -.
Status: vulnerable

Mar 21, 2025

CVE, Research URL: CVE-2023-51353
Home page URL: Security reports for Popup by Supsystic
Application: Popup by Supsystic
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.
Affected versions: Min -, max -.
Status: vulnerable