4 matches found
CVE-2023-2494
CVE-2023-2494 affects the Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress. Versions up to 3.3.19 are vulnerable due to a missing capability check in the function process_postdata, enabling authenticated attackers (with a role granted access to the plugin) to modify access to ...
CVE-2023-2496
CVE-2023-2496 refers to the Go Pricing - WordPress Responsive Pricing Tables plugin. Affected versions up to 3.3.19 are vulnerable to unauthorized arbitrary file uploads due to an improper capability check in the validate_upload function. This allows authenticated attackers with a role granted ac...
CVE-2023-2498
CVE-2023-2498 affects the Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress. A stored XSS via shortcodes exists in versions up to and including 3.3.19 due to insufficient input sanitization and output escaping, enabling contributor-level attackers to inject scripts on pages vi...
CVE-2023-2500
CVE-2023-2500 affects the Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress (versions ≤ 3.3.19). The vulnerability is PHP Object Injection via deserialization of untrusted input in the go_pricing shortcode data parameter. It requires subscriber-level authentication or higher; ...