Go Pricing
by Granthweb
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2500 | Hig | 0.57 | 8.8 | 0.01 | May 25, 2023 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers,… | ||
| CVE-2023-2496 | Hig | 0.47 | 7.1 | 0.01 | May 24, 2023 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated… | ||
| CVE-2023-2498 | Med | 0.42 | 6.4 | 0.00 | May 24, 2023 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level… | ||
| CVE-2023-2494 | Med | 0.30 | 4.6 | 0.00 | May 24, 2023 | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated… |
- risk 0.57cvss 8.8epss 0.01
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers,…
- risk 0.47cvss 7.1epss 0.01
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated…
- risk 0.42cvss 6.4epss 0.00
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level…
- risk 0.30cvss 4.6epss 0.00
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated…