An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.
References
Link | Resource |
---|---|
https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-23T16:14:51
Updated: 2020-03-23T16:14:51
Reserved: 2020-02-25T00:00:00
Link: CVE-2020-9392
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-23T17:15:15.487
Modified: 2020-03-25T15:08:10.820
Link: CVE-2020-9392
JSON object: View
Redhat Information
No data.
CWE