Description
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.8.2 (exclusive)
cpe:2.3:a:supsystic:pricing_table_by_supsystic:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 74%
0.0082
Low
CVSS3: 7.3 High
CVSS2: 7.5 High
Weaknesses
CWE-276
Related vulnerabilities
github
more than 3 years ago
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.