1.1.6

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wpdevart

NVD

Published: 2023-06-05

Updated: 2023-11-07

Summary

The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.

Vulnerable Configurations

Part	Description	Count
Application	Wpdevart Wpdevart Pricing Table Builder 1.1.5 Wpdevart Pricing Table Builder 1.1.6	2

References

https://wpscan.com/vulnerability/f601e637-a486-4f3a-9077-4f294ace7ea1