Pricing Table by Supsystic <= 1.9.12 is vulnerable to Content Injection vulnerability

Admin can set which role can use feature in pro vers

Published
2024-04-21

The Pricing Table by Supsystic plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with admin-level access and above, to inject arbitrary content. This is not a security issue by default, however, administrators can grant lower-level users access to functionality that makes this a security issue.

CVE

https://www.cve.org/CVERecord?id=CVE-2024-32790

CVSS

Score:4.3

Severity:Medium

Version: 1.9.12

There is a patch available in v1.9.13 and we strongly recommend you update to this version as soon as possible.