Supsystic Contact Form By Supsystic vulnerabilities
5 known vulnerabilities affecting supsystic/contact_form_by_supsystic.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-24276P3MEDIUMCVSS 6.1PoC≥ 1.7.15, < 1.7.152021-05-05
CVE-2021-24276 [MEDIUM] CWE-79 CVE-2021-24276: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of i
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
nvd
CVE-2024-48042P3CRITICALCVSS 9.1≤ 1.7.282024-10-16
CVE-2024-48042 [CRITICAL] CWE-82 CVE-2024-48042: Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-
Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through <= 1.7.28.
nvd
CVE-2023-45068P4HIGHCVSS 8.8≥ n/a, ≤ 1.7.272023-10-12
CVE-2023-45068 [HIGH] CWE-352 CVE-2023-45068: Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.
nvd
CVE-2025-52753P4HIGHCVSS 7.1≤ 1.7.362025-10-22
CVE-2025-52753 [HIGH] CWE-79 CVE-2025-52753: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through <= 1.7.36.
nvd
CVE-2024-48046P4MEDIUMCVSS 5.9≤ 1.7.282024-10-17
CVE-2024-48046 [MEDIUM] CWE-79 CVE-2024-48046: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through <= 1.7.28.
nvd