CVE-2024-4102

Description

The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like editing pricing tables.

Severity

5.4 (Medium) - CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Version

<= 2.0.1

Reference

• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/elfsight-pricing-table/pricing-table-201-missing-authorization
• https://www.cve.org/CVERecord?id=CVE-2024-4102