Pricing Table
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0867 | 0.07 | — | 0.11 | May 16, 2022 | The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users | |||
| CVE-2023-0900 | 0.01 | — | 0.03 | Jun 5, 2023 | The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. | |||
| CVE-2024-13628 | 0.00 | — | 0.01 | Feb 26, 2025 | The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||
| CVE-2021-36896 | 0.00 | — | 0.01 | Apr 11, 2022 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | |||
| CVE-2022-0640 | 0.00 | — | 0.01 | Mar 21, 2022 | The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. |
- CVE-2022-0867May 16, 2022risk 0.07cvss —epss 0.11
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users
- CVE-2023-0900Jun 5, 2023risk 0.01cvss —epss 0.03
The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.
- CVE-2024-13628Feb 26, 2025risk 0.00cvss —epss 0.01
The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- CVE-2021-36896Apr 11, 2022risk 0.00cvss —epss 0.01
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2
- CVE-2022-0640Mar 21, 2022risk 0.00cvss —epss 0.01
The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.