WordPress Plugin Vulnerabilities

Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Broken Access Control

Description

The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions

Affects Plugins

Plugin icon
go_pricing
Fixed in 3.4

References

CVE
CVE-2023-2494

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.6 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
7461f9d9-40fd-4fbe-b6e8-051a150f8b03

Timeline

Publicly Published
2023-05-23 (about 2 years ago)
Added
2023-05-24 (about 2 years ago)
Last Updated
2023-05-24 (about 2 years ago)

Other

Published
Title
Published
2023-12-26
Title
Essential Blocks for Gutenberg < 4.2.1 - Subscriber+ Unauthorised Actions
Published
2025-12-20
Title
Redirection for Contact Form 7 < 3.2.8 - Unauthenticated Arbitrary File Copy
Published
2025-06-19
Title
Zara 4 Image Compression <= 1.2.17.2 - Missing Authorization
Published
2026-02-13
Title
Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification
Published
2025-11-28
Title
Gutenverse Form < 2.3.0 - Missing Authorization