Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:23 a.m.12 views

CVE-2023-2500

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'gopricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-lev...

8.8CVSS7.2AI score0.00884EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/05/25 12:0 a.m.15 views

WordPress Go Pricing Plugin <= 3.3.19 is vulnerable to PHP Object Injection

Software Go Pricing Type Plugin Vulnerable versions = 3.3.19 Fixed in 3.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-2500 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 888d475edb31 Credits Lana Codes Required privilege Subscriber...

8.8CVSS6.8AI score0.00884EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/24 11:38 p.m.16 views

CVE-2023-2500 Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'gopricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-lev...

8.8CVSS7.4AI score0.00884EPSS
Exploits0References2
CVE
CVE
added 2023/05/24 11:38 p.m.59 views

CVE-2023-2500

CVE-2023-2500 affects the Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress (versions ≤ 3.3.19). The vulnerability is PHP Object Injection via deserialization of untrusted input in the go_pricing shortcode data parameter. It requires subscriber-level authentication or higher; ...

8.8CVSS8.8AI score0.00884EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder