The supplied record describes a local file inclusion and path traversal issue in the Supsystic Backup WordPress plugin. By manipulating the download path parameter in admin.php requests, an unauthenticated attacker can read sensitive files and, through the removeAction path, delete arbitrary files. The NVD metadata assigns CVE-2020-37246 a CVSS score of 6.9 (medium) and maps it to CWE-98.
CVE-2020-37245 affects Supsystic Digital Publications 1.6.9 and combines directory traversal with stored cross-site scripting. An attacker can use the Folder input field to reach files outside the web root, and unsanitized publication settings let injected script be stored and then execute when publications are viewed or edited.
CVE-2020-37244 describes an unauthenticated SQL injection in Supsystic Membership 1.4.7 for WordPress. According to the supplied NVD record and VulnCheck advisory reference, attackers can reach the badges module and inject malicious input through the 'search' and 'sidx' parameters, enabling arbitrary SQL queries and potential database data exposure. The supplied record assigns a CVSS 4.0 vector consistent [truncated]
CVE-2020-37243 affects Supsystic Pricing Table 1.8.7 for WordPress. The supplied description reports an unauthenticated SQL injection in the sidx GET parameter through the getListForTbl action, along with stored cross-site scripting in the Edit name and Edit HTML fields that executes when pricing tables are viewed. Because the SQL injection is reachable without authentication and the XSS is stored, expose [truncated]
CVE-2020-37242 describes an unauthenticated SQL injection in the Supsystic Ultimate Maps WordPress plugin, version 1.1.12. The issue is triggered through the getListForTbl action and the sidx GET parameter, allowing an attacker to run arbitrary SQL queries against the backend database. The supplied record rates the issue High severity (CVSS 8.8) and identifies CWE-89.