PT-2026-41445 · WordPress · Digital Publications By Supsystic
Published
2026-05-16
·
Updated
2026-05-16
·
CVE-2020-37245
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Supsystic Digital Publications version 1.6.9
Description
A path traversal issue exists in the 'Folder' input field, enabling attackers to access files outside the web root by injecting directory traversal sequences. Furthermore, the plugin does not properly sanitize input fields in publication settings, which allows stored cross-site scripting (XSS)—a technique where malicious scripts are injected into a trusted website—via parameters such as
Area Width and Publication Width. These scripts execute when publications are viewed or edited.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Digital Publications By Supsystic