PT-2026-41445 · WordPress · Digital Publications By Supsystic

Published

2026-05-16

·

Updated

2026-05-16

·

CVE-2020-37245

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Supsystic Digital Publications version 1.6.9
Description A path traversal issue exists in the 'Folder' input field, enabling attackers to access files outside the web root by injecting directory traversal sequences. Furthermore, the plugin does not properly sanitize input fields in publication settings, which allows stored cross-site scripting (XSS)—a technique where malicious scripts are injected into a trusted website—via parameters such as Area Width and Publication Width. These scripts execute when publications are viewed or edited.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2020-37245

Affected Products

Digital Publications By Supsystic