Unauthenticated Access and Manipulation of Pricing Tables in Pricing Table by Supsystic Plugin

Unauthenticated Access and Manipulation of Pricing Tables in Pricing Table by Supsystic Plugin

CVE-2020-9392 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.

Learn more about our Wordpress Pen Testing.