CVE-2020-37243

HIGH

WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37243. PoCs published by Erik David Martin.

AI-analyzed exploit summary The exploit demonstrates SQL injection via the 'sidx' GET parameter and stored XSS vulnerabilities in the 'Edit name' and 'Edit HTML' features of the WordPress Supsystic Pricing Table plugin. It includes payloads and instructions for exploitation.

Description

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that execute malicious scripts when viewing pricing tables.

Exploits (1)

exploitdb WORKING POC

by Erik David Martin · textwebappsphp

https://www.exploit-db.com/exploits/49533

View Code ZIP pw:eip

The exploit demonstrates SQL injection via the 'sidx' GET parameter and stored XSS vulnerabilities in the 'Edit name' and 'Edit HTML' features of the WordPress Supsystic Pricing Table plugin. It includes payloads and instructions for exploitation.

Classification

Working Poc 95%

Attack Type

Sqli | Xss

Complexity

Moderate

Reliability

Reliable

Target: WordPress Plugin Supsystic Pricing Table 1.8.7 and 1.8.6

Auth required

Prerequisites: WordPress admin access · Supsystic Pricing Table plugin installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed May 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-49533

https://www.exploit-db.com/exploits/49533

Product product

Official Product Homepage

https://supsystic.com/

Product product

Product Reference

https://downloads.wordpress.org/plugin/pricing-table-by-supsystic.1.8.7.zip

Third Party Advisory third-party-advisory

VulnCheck Advisory: WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS

https://www.vulncheck.com/advisories/wordpress-plugin-supsystic-pricing-table-sql-injection-xss

Scores

CVSS v3 8.2

EPSS 0.0028

EPSS Percentile 19.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

Supsystic/Pricing Table 1.8.6

Supsystic/Pricing Table 1.8.7

Published May 16, 2026

Tracked Since May 16, 2026