Vulnerabilities and security researches forpricing-table-by-supsystic pricing-table-by-supsystic

Jun 06, 2024

CVE, Research URL: CVE-2021-46782
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: Apr 25, 2022
Research Description: The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
Affected versions: max 1.9.5.
Status: vulnerable

CVE, Research URL: CVE-2020-9392
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: Mar 23, 2020
Research Description: An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.
Affected versions: max 1.8.2.
Status: vulnerable

CVE, Research URL: CVE-2020-9395
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: Jul 07, 2020
Research Description: An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer.
Affected versions: max 1.8.2.
Status: vulnerable

CVE, Research URL: CVE-2024-32790
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: May 17, 2024
Research Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection.This issue affects Pricing Table by Supsystic: from n/a through 1.9.12.
Affected versions: max 1.9.13.
Status: vulnerable

CVE, Research URL: CVE-2020-9393
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: Feb 26, 2020
Research Description: An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
Affected versions: max 1.8.2.
Status: vulnerable

CVE, Research URL: CVE-2020-9394
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: Feb 26, 2020
Research Description: An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
Affected versions: max 1.8.2.
Status: vulnerable

May 19, 2026

CVE, Research URL: CVE-2020-37243
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: May 16, 2026
Research Description: Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that execute malicious scripts when viewing pricing tables.
Affected versions: max 1.8.7.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: c06b0334-5092-425e-9559-3c4a0d1b00d5
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: -
Research Description: Pricing Table by Supsystic [pricing-table-by-supsystic] < 1.8.1 Pricing Table by Supsystic < 1.8.1 - Cross-Site Request Forgery to XSS and Setting Changes CSRF can be exploited against any of the functionalities in the Pricing Table by Supsystic WordPress plugin in vulnerable versions.
Affected versions: max 1.8.1.
Status: vulnerable

CVE, Research URL: 35643e57-b566-4303-9d8c-b35434557725
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: -
Research Description: Pricing Table by Supsystic [pricing-table-by-supsystic] < 1.9.0 Pricing Table by Supsystic < 1.9.0 - Authenticated Stored Cross-Site Scripting The label and data[html] POST parameter are not properly sanitised and escaped before being saved and output back in the page, leading to stored Cross-Site Scripting issues
Affected versions: max 1.9.0.
Status: vulnerable

CVE, Research URL: 74ffc3c0416c326bf32bde4b1ab095b8806d6218
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: Feb 08, 2021
Research Description: Pricing Table by Supsystic [pricing-table-by-supsystic] < 1.8.9 WordPress Pricing Table by Supsystic plugin <= 1.8.8 - SQL injection (SQLi) vulnerability SQL injection (SQLi) vulnerability found by Erik David Martin in WordPress Pricing Table by Supsystic plugin (versions <= 1.8.8).
Affected versions: max 1.8.9.
Status: vulnerable

CVE, Research URL: 9f8318c32000a7c41c9c4f7a0cfd150fd11725fc
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: Feb 08, 2021
Research Description: Pricing Table by Supsystic [pricing-table-by-supsystic] < 1.9.0 WordPress Pricing Table by Supsystic plugin <= 1.8.9 - Stored Cross-Site Scripting (XSS) vulnerability Stored Cross-Site Scripting (XSS) vulnerability found by Erik David Martin in WordPress Pricing Table by Supsystic plugin (versions <= 1.8.9).
Affected versions: max 1.9.0.
Status: vulnerable

CVE, Research URL: 5bebf9a194c10914436566573ac735dbc551290a
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: Feb 08, 2021
Research Description: Pricing Table by Supsystic [pricing-table-by-supsystic] < 1.8.9 Pricing Table by Supsystic <= 1.8.8 - Boolean-Based Blind SQL Injections The Pricing Table by Supsystic plugin for WordPress is vulnerable to boolean-based blind SQL Injection via the ‘sidx’ parameter in versions up to, and including, 1.8.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 1.8.9.
Status: vulnerable

CVE, Research URL: 8ecbeaaa-7986-4109-a56a-3d67496330f2
Home page URL: Security reports for Pricing Table by Supsystic
Application: Pricing Table by Supsystic
Date: -
Research Description: Pricing Table by Supsystic [pricing-table-by-supsystic] < 1.8.9 Pricing Table by Supsystic < 1.8.9 - Authenticated SQL Injections The GET parameter sidx and sord are used in a SQL statement without being sanitised when searching for pricing tables in the dashboard, leading to an authenticated SQL Injection issues.
Affected versions: max 1.8.9.
Status: vulnerable