WordPress Plugin Vulnerabilities

Pricing Table by Supsystic < 1.8.1 - Cross-Site Request Forgery to XSS and Setting Changes

Description

CSRF can be exploited against any of the functionalities in the Pricing Table by Supsystic WordPress plugin in vulnerable versions.

Proof of Concept

Affects Plugins

Plugin icon
pricing-table-by-supsystic
Fixed in 1.8.1

References

CVE
CVE-2020-9396
URL
https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://www.wordfence.com/
Submitter twitter
infosecchloe
Verified
No
WPVDB ID
c06b0334-5092-425e-9559-3c4a0d1b00d5

Timeline

Publicly Published
2020-02-25 (about 6 years ago)
Added
2020-02-25 (about 6 years ago)
Last Updated
2021-02-11 (about 5 years ago)

Other

Published
Title
Published
2020-02-24
Title
Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation
Published
2022-03-29
Title
DW Question & Answer Pro < 1.3.7 - Multiple CSRF
Published
2024-08-17
Title
WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode
Published
2025-01-16
Title
Auto FTP <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2018-06-25
Title
JS Support Ticket < 2.0.6 - CSRF