Supsysticcom develops WordPress plugins for creating galleries, sliders, and tables, with its products primarily used for enhancing website functionality. Historically, their plugins have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. The company has addressed several critical flaws over time, with seven CVEs documented in their history. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their products suggests a need for more rigorous security testing and input sanitization practices in their development lifecycle.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4257 | Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality — Contact Form by Supsystic (CWE-94) | 9.8 | Critical | 2026-03-30 |
| CVE-2024-13452 | Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action — Contact Form by Supsystic (CWE-79) | 6.1 | Medium | 2025-04-16 |
| CVE-2023-2528 | Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action — Contact Form by Supsystic (CWE-352) | 5.4 | Medium | 2023-05-16 |
This page lists every published CVE security advisory associated with supsysticcom. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.