Supsystic — Vulnerabilities & Security Advisories (31)

Browse all 31 CVE security advisories affecting Supsystic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Supsystic develops WordPress plugins and themes, primarily focusing on data management, form building, and gallery creation for website administrators. The company’s software portfolio has been associated with thirty-one recorded Common Vulnerabilities and Exposures (CVEs), indicating a significant historical security footprint. These vulnerabilities predominantly involve Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls within the plugin architecture. Several incidents highlight critical privilege escalation flaws that allow unauthenticated users to execute arbitrary code or modify site configurations. While the vendor has issued patches for many disclosed issues, the recurring nature of these defects suggests persistent challenges in secure coding practices. Security researchers continue to monitor Supsystic products for residual risks, particularly in older, unmaintained versions that remain widely deployed across the WordPress ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-52753 | WordPress Contact Form by Supsystic plugin <= 1.7.36 - Cross Site Scripting (XSS) vulnerability | Contact Form by Supsystic | CWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2025-32138 | WordPress Easy Google Maps plugin <= 1.11.18 - XML External Entity vulnerability | Easy Google Maps | CWE-611 | 6.6 | Medium | 2025-04-04 |
| CVE-2024-56253 | WordPress Data Tables Generator by Supsystic plugin <= 1.10.36 - Broken Access Control vulnerability | Data Tables Generator by Supsystic | CWE-862 | 5.4 | Medium | 2025-01-02 |
| CVE-2023-51353 | WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control vulnerability | Popup by Supsystic | CWE-862 | 5.3 | Medium | 2024-12-09 |
| CVE-2024-52434 | WordPress Popup by Supsystic plugin <= 1.10.29 - Remote Code Execution (RCE) vulnerability | Popup by Supsystic | CWE-82 | 9.1 | Critical | 2024-11-18 |
| CVE-2024-48046 | WordPress Contact Form by Supsystic plugin <= 1.7.28 - Cross Site Scripting (XSS) vulnerability | Contact Form by Supsystic | CWE-79 | 5.9 | Medium | 2024-10-17 |
| CVE-2024-48042 | WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability | Contact Form by Supsystic | CWE-82 | 9.1 | Critical | 2024-10-16 |
| CVE-2024-47330 | Broken Access Control vulnerability on multiple WordPress plugins by Supsystic | Slider by Supsystic | CWE-862 | 4.3 | Medium | 2024-09-26 |
| CVE-2024-32790 | WordPress Pricing Table by Supsystic plugin <= 1.9.12 - Content Injection vulnerability | Pricing Table by Supsystic | CWE-80 | 4.3 | Medium | 2024-05-17 |
| CVE-2024-33910 | WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability | Digital Publications by Supsystic | CWE-862 | 5.3 | Medium | 2024-05-06 |
| CVE-2024-32829 | WordPress Data Tables Generator by Supsystic plugin <= 1.10.31 - Broken Access Control vulnerability | Data Tables Generator by Supsystic | CWE-862 | 4.3 | Medium | 2024-04-26 |
| CVE-2023-25043 | WordPress Data Tables Generator by Supsystic Plugin <= 1.10.25 is vulnerable to Broken Access Control | Data Tables Generator | CWE-863 | 4.3 | Medium | 2024-04-17 |
| CVE-2024-31421 | WordPress Popup by Supsystic plugin <= 1.10.27 - Broken Access Control vulnerability | Popup by Supsystic | CWE-862 | 4.3 | Medium | 2024-04-15 |
| CVE-2024-32089 | WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability | Digital Publications by Supsystic | CWE-352 | 4.3 | Medium | 2024-04-15 |
| CVE-2024-31269 | WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability | Easy Google Maps | CWE-352 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-31271 | WordPress Ultimate Maps plugin <= 1.2.16 - Cross Site Request Forgery vulnerability | Ultimate Maps by Supsystic | CWE-352 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-30448 | WordPress Slider by Supsystic plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability | Slider by Supsystic | CWE-79 | 5.9 | Medium | 2024-03-29 |
| CVE-2024-30237 | WordPress Slider by Supsystic plugin <= 1.8.10 - SQL Injection vulnerability | Slider by Supsystic | CWE-89 | 7.6 | High | 2024-03-28 |
| CVE-2024-29921 | WordPress Photo Gallery by Supsystic plugin <= 1.15.16 - Cross Site Scripting (XSS) vulnerability | Photo Gallery by Supsystic | CWE-79 | 5.9 | Medium | 2024-03-27 |
| CVE-2023-49191 | WordPress GDPR Cookie Consent by Supsystic Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) | GDPR Cookie Consent by Supsystic | CWE-79 | 5.9 | Medium | 2023-12-15 |
| CVE-2023-45068 | WordPress Contact Form by Supsystic Plugin <= 1.7.27 is vulnerable to Cross Site Request Forgery (CSRF) | Contact Form by Supsystic | CWE-352 | 5.4 | Medium | 2023-10-12 |
| CVE-2023-33926 | WordPress Easy Google Maps Plugin <= 1.11.7 is vulnerable to Cross Site Request Forgery (CSRF) | Easy Google Maps | CWE-352 | 7.1 | High | 2023-05-28 |
| CVE-2023-22714 | WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF) | Coming Soon by Supsystic | CWE-352 | 4.3 | Medium | 2023-05-22 |
| CVE-2022-47155 | WordPress Slider by Supsystic Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF) | Slider by Supsystic | CWE-352 | 4.3 | Medium | 2023-03-14 |
| CVE-2022-27235 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities | Social Share Buttons by Supsystic (WordPress plugin) | CWE-264 | 6.3 | Medium | 2022-07-22 |
| CVE-2022-33960 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities | Social Share Buttons by Supsystic (WordPress plugin) | CWE-89 | 8.5 | High | 2022-07-22 |
| CVE-2017-20065 | Supsystic Popup Plugin cross-site request forgery | Popup Plugin | CWE-352 | 4.3 | Medium | 2022-06-20 |
| CVE-2021-36891 | WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change | Photo Gallery by Supsystic (WordPress plugin) | CWE-352 | 5.4 | Medium | 2022-06-15 |
| CVE-2021-24276 | Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS) | Contact Form by Supsystic | CWE-79 | 6.1 | - | 2021-05-05 |
| CVE-2021-24275 | Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS) | Popup by Supsystic | CWE-79 | 6.1 | - | 2021-05-05 |

This page lists every published CVE security advisory associated with Supsystic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.