8.8
CVE-2020-37243: Supsystic Pricing Table SQL Injection and XSS Risk
CVE-2020-37243
Summary
An unauthenticated attacker can inject SQL through the plugin's 'sidx' GET parameter, and scripts stored in the 'Edit name' and 'Edit HTML' fields run when pricing tables are viewed. This could allow an attacker to access or modify sensitive data, or even take control of your site. We recommend updating to the latest version of Supsystic Pricing Table to fix these issues.
Original title
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl ac...
Original description
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that execute malicious scripts when viewing pricing tables.
NVD CVSS 3.1
8.2
NVD CVSS 4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 16 May 2026 · Updated: 28 May 2026 · First seen: 16 May 2026