High severity7.1NVD Advisory· Published May 24, 2023· Updated Apr 8, 2026
CVE-2023-2496
CVE-2023-2496
Description
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected products
2- Range: <=3.3.19
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.