Approved changes feed: RSS · Atom
cpe:2.3:a:supsystic:popup:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Supsystic (31a63952-7184-5307-ada0-8934fe420f61) |
|---|---|
| Product | Popup (79f8152c-7c2e-551a-ade0-90f4c9664cd4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-52434 |
vulnerable | 2026-06-03 14:57:29.518115 |
WordPress Popup by Supsystic plugin <= 1.10.29 - Remote Code Execution (RCE) vulnerability
CRITICAL (9.1)
Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29.
Published: 2024-11-18T14:18:13.457Z
Updated: 2026-04-28T16:10:42.243Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31421 |
vulnerable | 2026-06-03 14:55:39.700632 |
WordPress Popup by Supsystic plugin <= 1.10.27 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.This issue affects Popup by Supsystic: from n/a through <= 1.10.27.
Published: 2024-04-15T10:09:53.469Z
Updated: 2026-04-28T16:09:32.132Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51353 |
vulnerable | 2026-06-03 14:53:32.005980 |
WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through <= 1.10.19.
Published: 2024-12-09T11:29:51.014Z
Updated: 2026-04-29T09:51:52.413Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46197 |
vulnerable | 2026-06-03 14:53:09.333745 |
WordPress Popup by Supsystic plugin <= 1.10.19 - Unauthenticated Subscriber Email Addresses Disclosure
MEDIUM (5.3)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19.
Published: 2024-05-17T08:33:09.222Z
Updated: 2026-04-28T16:08:46.716Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3186 |
vulnerable | 2026-06-03 14:52:40.152769 |
Supsystic Popup < 1.10.19 - Prototype Pollution
The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.
Published: 2023-07-17T13:29:50.962Z
Updated: 2024-10-30T15:04:57.116Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39997 |
vulnerable | 2026-06-03 14:52:39.661720 |
WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control Vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.
Published: 2024-12-13T14:24:01.310Z
Updated: 2026-04-28T16:08:35.733Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0424 |
vulnerable | 2026-06-03 14:45:56.156038 |
Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
Published: 2022-05-09T16:50:28.000Z
Updated: 2024-08-02T23:25:40.455Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24275 |
vulnerable | 2026-06-03 14:43:56.692540 |
Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
Published: 2021-05-05T18:28:48.000Z
Updated: 2024-08-03T19:28:23.280Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-10915 |
vulnerable | 2026-06-03 14:35:29.931333 |
Details available
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
Published: 2019-08-20T14:52:50.000Z
Updated: 2024-08-06T03:38:56.719Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.