CRITICALβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2024-52434

CVSS 9.1v3.1pub. 2024-11-18upd. 2026-04-23

Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Supsystic Popup

    APP
    Supsystic
    ≀ 1.10.29
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2023-3186CRITICAL9.8ten sam produkt

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allo...

CVE-2016-10915HIGH8.8ten sam produkt

The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.

CVE-2023-39997MEDIUM5.3ten sam produkt

Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configur...

CVE-2023-51353MEDIUM5.3ten sam produkt

Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Exploiting Incor...

CVE-2023-46197MEDIUM5.3ten sam produkt

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com ...

CVE-2024-52434 β€” Supsystic β€” Popup β€” CRITICAL β€” CVSS 9.1 | CVEbaza.pl