CVE-2020-9392

EUVD-2020-30213
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
mitreCNA
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:N/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
supsysticpricing_table_by_supsystic
𝑥
< 1.8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/
https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/