WordPress Plugin Vulnerabilities

Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Incorrect Authorization leading to Arbitrary File Upload

Description

The plugin lacks proper authorization on the file upload feature, making it possible for authenticated users, who belong to specific roles defined by the administrator, to upload arbitrary files.

Affects Plugins

Plugin icon
go_pricing
Fixed in 3.4

References

CVE
CVE-2023-2496

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
b123bb35-ea43-4979-8177-359abe87d244

Timeline

Publicly Published
2023-05-23 (about 2 years ago)
Added
2023-05-24 (about 2 years ago)
Last Updated
2023-05-24 (about 2 years ago)

Other

Published
Title
Published
2024-02-03
Title
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Published
2025-06-11
Title
WordPress Single Sign-On (SSO) - Incorrect Authorization to Sensitive Information Exposure
Published
2024-06-05
Title
Bookster < 1.2.0 - Unauthenticated Appointment Status Update
Published
2025-08-28
Title
LWSCache < 2.9 - Subscriber+ Limited Plugin Activation
Published
2024-01-29
Title
Avada < 7.11.2 - Contributor+ Arbitrary File Upload