Vulnerability Bulletins

Multiple Vulnerabilities Patched in Pricing Table by Supsystic Plugin


System information

   
Affected software Wordpress

Description

https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/ On January 17th, our Threat Intelligence Team discovered several vulnerabilities in Pricing Table by Supsystic, a WordPress plugin installed on over 40,000 sites. These flaws allowed an unauthenticated user to execute several AJAX actions due to an insecure permissions weakness. Attackers were also able to inject malicious Javascript due to a Cross-Site Scripting (XSS) […]

More info:

https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/

Standar resources

Property Value
CVE CVE-2020-9392 ,CVE-2020-9393 and CVE-2020-9394.

Version history

Version Comments Date
1.0 Advisory issued 2020-02-27
Ministerio de Defensa
CNI
CCN
CCN-CERT