CVE-2020-37245

HIGH

WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37245. PoCs published by Erik David Martin.

AI-analyzed exploit summary: The writeup details multiple vulnerabilities in WordPress Plugin Supsystic Digital Publications 1.6.9, including path traversal, DoS via infinite loop, and stored XSS. It provides technical descriptions and PoC payloads for each vulnerability.

Description

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing stored cross-site scripting attacks through script injection in parameters like Area Width and Publication Width that execute when publications are viewed or edited.

Exploits (1)

exploitdb WRITEUP
by Erik David Martin · text · webapps · php
https://www.exploit-db.com/exploits/49542

Classification: Writeup 95%
Attack Type: XSS | DoS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Supsystic Digital Publications 1.6.9
Auth required
Prerequisites: WordPress admin access · Plugin installed and activated
devstral-2 · analyzed May 16, 2026

References (4)

Core References
Exploit: ExploitDB-49542
https://www.exploit-db.com/exploits/49542
Product: Official Product Homepage
https://supsystic.com/
Third Party Advisory: VulnCheck Advisory: WordPress Plugin Supsystic Digital Publications 1.6.9 Path Traversal XSS
https://www.vulncheck.com/advisories/wordpress-plugin-supsystic-digital-publications-path-traversal-xss

Scores

CVSS v3 7.5
EPSS 0.0050
EPSS Percentile 38.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Supsystic/Digital Publications 1.6.9
Published May 16, 2026
Tracked Since May 16, 2026