CVE-2023-2494

MEDIUM

Go Pricing WordPress Plugin <= 3.3.19 - Authenticated Missing Authorization

Description

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers, whose role the administrator has previously granted access to the plugin, to modify access to the plugin, a change that should be the administrator's privilege only.

Scores

CVSS v3: 4.6
EPSS: 0.0037
EPSS Percentile: 28.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-862
Status: published
Products (2):
Granth/Go Pricing - WordPress Responsive Pricing Tables < 3.3.19
granthweb/go_pricing < 3.3.19
Published: May 24, 2023
Tracked Since: Feb 18, 2026