Supsystic — CraftedSignal Threat Feed

Supsystic Digital Publications Path Traversal and Stored XSS Vulnerability (CVE-2020-37245)

hello@craftedsignal.io — Sat, 16 May 2026 16:19:28 +0000

Supsystic Digital Publications version 1.6.9 is a WordPress plugin that suffers from both a path traversal and a stored cross-site scripting (XSS) vulnerability. The path traversal, identified as CVE-2020-37245, is located in the ‘Folder’ input field and allows unauthenticated attackers to access arbitrary files outside of the web root by injecting directory traversal sequences (e.g., ../). The plugin also fails to properly sanitize input fields within publication settings, specifically ‘Area Width’ and ‘Publication Width’, leading to stored XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript code in the context of other users who view or edit the publications, potentially leading to session hijacking, defacement, or further malicious actions.

Attack Chain

An attacker identifies a vulnerable Supsystic Digital Publications 1.6.9 installation.
The attacker crafts a malicious HTTP request to exploit the path traversal vulnerability by injecting directory traversal sequences in the Folder input field.
The server processes the request without proper validation, allowing the attacker to read arbitrary files outside the web root.
Alternatively, the attacker injects malicious JavaScript code into the ‘Area Width’ or ‘Publication Width’ parameters within the publication settings.
The server stores the unsanitized JavaScript code in the WordPress database.
A legitimate user views or edits the publication containing the injected XSS payload.
The user’s browser executes the malicious JavaScript code, potentially stealing cookies or redirecting to a malicious site.
The attacker leverages the stolen session cookie or the ability to inject content to further compromise the WordPress site.

Impact

Successful exploitation of the path traversal vulnerability (CVE-2020-37245) allows an attacker to read sensitive files on the server, potentially exposing credentials, configuration files, or other confidential information. The stored XSS vulnerability allows attackers to inject malicious scripts that execute in the context of other users, potentially leading to account takeover, data theft, or defacement of the website. This can impact any WordPress website running the vulnerable version of the plugin until it’s patched or removed. The CVSS v3.1 base score for CVE-2020-37245 is 7.5, indicating a high severity vulnerability.

Recommendation

Upgrade to a patched version of Supsystic Digital Publications that addresses the path traversal and XSS vulnerabilities.
Apply input validation and sanitization to all user-supplied input, especially in publication settings, to prevent XSS attacks.
Implement proper access controls and file permission restrictions to limit the impact of path traversal vulnerabilities.
Monitor web server logs for suspicious activity, such as requests containing directory traversal sequences, to detect potential exploitation attempts.
Deploy the Sigma rule Detect Supsystic Path Traversal to identify exploitation attempts in web server logs.
Deploy the Sigma rule Detect Supsystic XSS Attempt to detect potential attempts to inject malicious Javascript into publication parameters.

CVE-2020-37244: Supsystic Membership 1.4.7 Unauthenticated SQL Injection Vulnerability

hello@craftedsignal.io — Sat, 16 May 2026 16:19:14 +0000

Supsystic Membership plugin version 1.4.7 is susceptible to SQL injection attacks due to insufficient input validation on the ‘search’ and ‘sidx’ parameters within the badges module. This vulnerability, identified as CVE-2020-37244, enables unauthenticated remote attackers to inject arbitrary SQL queries via crafted GET requests. Successful exploitation allows the attacker to read, modify, or delete sensitive data stored in the application’s database. The vulnerable software is a WordPress plugin. Attackers leverage this flaw to compromise the integrity of the WordPress site and gain unauthorized access to sensitive information.

Attack Chain

An unauthenticated attacker identifies a WordPress site running the vulnerable Supsystic Membership plugin version 1.4.7.
The attacker crafts a malicious GET request targeting the badges module.
The attacker injects SQL code into the ‘search’ or ‘sidx’ parameter of the GET request.
The web server processes the request and executes the injected SQL query against the database.
The attacker uses time-based blind or UNION-based SQL injection techniques to extract sensitive data, bypassing normal authentication mechanisms.
The extracted data may include user credentials, personal information, or other sensitive business data stored in the database.
The attacker analyzes the extracted data to identify further attack vectors or valuable information.
The attacker may use the compromised database to gain administrative access to the WordPress site, or to exfiltrate data for malicious purposes.

Impact

Successful exploitation of the SQL injection vulnerability can lead to unauthorized access to sensitive information stored in the WordPress site’s database. This includes user credentials, personal information, and other confidential data. A successful attack could result in data breaches, identity theft, financial losses, and reputational damage to the affected organization. Given the unauthenticated nature of the vulnerability, any website running the vulnerable plugin is susceptible to attack.

Recommendation

Upgrade the Supsystic Membership plugin to a version beyond 1.4.7 to remediate CVE-2020-37244.
Deploy the Sigma rule Detect CVE-2020-37244 Supsystic Membership SQL Injection Attempt to monitor for exploitation attempts.
Implement input validation and sanitization measures to prevent SQL injection vulnerabilities in web applications.
Monitor web server logs for suspicious GET requests containing SQL injection payloads, focusing on the ‘search’ and ‘sidx’ parameters in requests to the badges module, as covered by the Sigma rule.

Supsystic Pricing Table Plugin <= 1.8.7 SQL Injection Vulnerability (CVE-2020-37243)

hello@craftedsignal.io — Sat, 16 May 2026 16:18:59 +0000

Supsystic Pricing Table plugin version 1.8.7 is vulnerable to SQL injection via the ‘sidx’ GET parameter. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by manipulating the getListForTbl action. Additionally, the plugin contains stored cross-site scripting (XSS) vulnerabilities in the ‘Edit name’ and ‘Edit HTML’ fields. These XSS vulnerabilities allow attackers to inject malicious scripts that are executed when users view the affected pricing tables. Successful exploitation of the SQL injection vulnerability could allow an attacker to read, modify, or delete sensitive data from the WordPress database. The XSS vulnerability can lead to session hijacking or arbitrary script execution in the context of the user’s browser.

Attack Chain

An unauthenticated attacker identifies a WordPress site using the vulnerable Supsystic Pricing Table plugin version 1.8.7.
The attacker crafts a malicious HTTP GET request targeting the getListForTbl action, injecting SQL code into the ‘sidx’ parameter.
The WordPress server processes the request, and the injected SQL code is executed against the database.
The attacker uses the SQL injection vulnerability to extract sensitive data such as user credentials, API keys, or other confidential information.
The attacker leverages stored XSS vulnerabilities by injecting malicious scripts into the ‘Edit name’ or ‘Edit HTML’ fields of a pricing table.
A legitimate user views the pricing table containing the injected XSS payload.
The malicious script executes within the user’s browser, potentially stealing session cookies or redirecting the user to a phishing site.
The attacker uses the stolen session cookies to impersonate the user, gaining unauthorized access to the WordPress site.

Impact

Successful exploitation of the SQL injection vulnerability (CVE-2020-37243) can lead to complete database compromise, including unauthorized access to sensitive data, modification of website content, and potential privilege escalation. The stored XSS vulnerabilities allow attackers to inject malicious scripts that can hijack user sessions, deface websites, or redirect users to phishing sites. Given the widespread use of WordPress and its plugins, this vulnerability poses a significant risk to numerous websites and their users.

Recommendation

Upgrade the Supsystic Pricing Table plugin to a version greater than 1.8.7 to patch the SQL injection vulnerability (CVE-2020-37243).
Apply input validation and sanitization to all user-supplied data, especially GET parameters, to prevent SQL injection attacks.
Implement a web application firewall (WAF) rule to detect and block SQL injection attempts targeting the ‘sidx’ GET parameter.
Deploy the Sigma rule Detect CVE-2020-37243 Exploitation — Supsystic Pricing Table SQL Injection to identify malicious HTTP requests exploiting this vulnerability.
Review pricing tables and sanitize suspicious content from ‘Edit name’ and ‘Edit HTML’ fields to mitigate stored XSS risks.

Supsystic Ultimate Maps SQL Injection Vulnerability (CVE-2020-37242)

hello@craftedsignal.io — Sat, 16 May 2026 16:18:44 +0000

Supsystic Ultimate Maps is a WordPress plugin that allows users to create custom maps. Version 1.1.12 of this plugin contains a critical SQL injection vulnerability (CVE-2020-37242). Unauthenticated attackers can exploit this vulnerability by injecting malicious SQL code into the ‘sidx’ GET parameter when calling the ‘getListForTbl’ action. Successful exploitation allows attackers to execute arbitrary SQL queries, potentially leading to the extraction of sensitive database information. This vulnerability poses a significant risk to websites using the affected plugin, as it could result in data breaches and compromise of user information.

Attack Chain

An unauthenticated attacker identifies a WordPress website running Supsystic Ultimate Maps version 1.1.12.
The attacker crafts a malicious HTTP GET request targeting the getListForTbl action with a SQL injection payload in the sidx parameter.
The malicious GET request is sent to the WordPress website.
The WordPress plugin processes the request without proper sanitization of the sidx parameter.
The injected SQL code is executed against the website’s database.
The attacker uses boolean-based or time-based blind SQL injection techniques to extract data.
Sensitive information, such as usernames, passwords, or other database records, is retrieved.
The attacker exfiltrates the stolen data for malicious purposes.

Impact

Successful exploitation of CVE-2020-37242 can lead to the complete compromise of the vulnerable website’s database. Attackers can gain access to sensitive information, including user credentials, personal data, and other confidential data stored in the database. This can result in data breaches, identity theft, financial loss, and reputational damage for the website owner and its users. The CVSS v3.1 base score for this vulnerability is 8.2, indicating a high level of severity.

Recommendation

Upgrade Supsystic Ultimate Maps to a patched version that addresses CVE-2020-37242 to remediate the SQL injection vulnerability.
Deploy the Sigma rule Detect CVE-2020-37242 Exploitation — SQL Injection in Supsystic Ultimate Maps to your SIEM to detect exploitation attempts.
Monitor web server logs for suspicious GET requests to the getListForTbl action containing SQL injection payloads in the sidx parameter as covered by the detection rule.