WordPress Plugin Vulnerabilities

Pricing Table by Supsystic < 1.9.13 - Admin+ Content Injection

Description

The Pricing Table by Supsystic plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with admin-level access and above, to inject arbitrary content. This is not a security issue by default, however, administrators can grant lower-level users access to functionality that makes this a security issue.

Affects Plugins

Plugin icon
pricing-table-by-supsystic
Fixed in 1.9.13

References

CVE
CVE-2024-32790
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/33356b50-9c9c-4719-8321-b391fda69867

Classification

Type
CONTENT INJECTION
OWASP top 10
A1: Injection
CWE
CWE-345
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Steven Julian
Verified
No
WPVDB ID
cd0237cd-fe66-4b48-a8e1-c5705287d1d0

Timeline

Publicly Published
2024-04-22 (about 2 years ago)
Added
2024-05-03 (about 2 years ago)
Last Updated
2024-05-03 (about 2 years ago)

Other

Published
Title
Published
2024-06-06
Title
PPOM for WooCommerce < 32.0.21 - Unauthenticated Content Injection Vulnerability
Published
2026-01-15
Title
Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit < 5.1.3 - Unauthenticated Order Status Manipulation
Published
2026-06-05
Title
Event Monster < 2.2.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action
Published
2024-03-19
Title
WooCommerce POS < 1.4.12 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure
Published
2021-01-12
Title
WP Quick FrontEnd Editor <= 5.5 - Authenticated Content Injection