CVE-2023-2494
MEDIUMGo Pricing WordPress Plugin <= 3.3.19 - Authenticated Missing Authorization
Title source: llmDescription
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.
References (2)
Core 2
Scores
CVSS v3
4.6
EPSS
0.0037
EPSS Percentile
28.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
Granth/Go Pricing - WordPress Responsive Pricing Tables
< 3.3.19
granthweb/go_pricing
< 3.3.19
Published
May 24, 2023
Tracked Since
Feb 18, 2026