Mar 18, 2024 - 3:15 p.m.

CVE-2024-1333 Responsive Pricing Table < 5.1.11 - Author+ Stored XSS

2024-03-18 15:15:26
WPScan
github.com
cve-2024-1333; wordpress plugin; stored xss; pricing table; author role; cross-site scripting; validation; escaping; shortcode; security vulnerability

AI Score: 5.8
Confidence: High

SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial

The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:wpdarko:responsive_pricing_table:*:*:*:*:*:*:*:*"
    ],
    "vendor": "wpdarko",
    "product": "responsive_pricing_table",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.1.11",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
