CVE-2023-2496

7.1 HIGH

📋 TL;DR

The Go Pricing WordPress plugin has an improper capability check that allows authenticated users with plugin access to upload arbitrary files. This vulnerability affects WordPress sites using Go Pricing plugin versions up to 3.3.19. Successful exploitation could lead to remote code execution on the server.

💻 Affected Systems

Products:
  • Go Pricing - WordPress Responsive Pricing Tables
Versions: Up to and including version 3.3.19
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with access to the Go Pricing plugin functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete server compromise, data theft, malware deployment, or site defacement.

🟠 Likely Case: Unauthorized file upload leading to webshell installation and limited server access.

🟢 If Mitigated: File upload attempts logged and blocked by security controls with no successful exploitation.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, and any authenticated user with plugin access can exploit the vulnerability.
🏢 Internal Only: MEDIUM - Internal WordPress installations could still be exploited by compromised accounts or insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.3.20 or later

Vendor Advisory: https://codecanyon.net/item/go-pricing-wordpress-responsive-pricing-tables/3725820

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Go Pricing - WordPress Responsive Pricing Tables'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from CodeCanyon and update manually.

🔧 Temporary Workarounds

Disable Go Pricing Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate go_pricing

Restrict Plugin Access (applies to: all)

Remove plugin access from non-administrator roles via WordPress user role management.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block file uploads to Go Pricing endpoints
  • Enable file integrity monitoring on WordPress uploads directory and alert on unauthorized file changes

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Go Pricing version 3.3.19 or earlier.

Check Version:

wp plugin list --name='go-pricing' --field=version

Verify Fix Applied:

Confirm Go Pricing plugin version is 3.3.20 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/plugins/go_pricing/
  • POST requests to Go Pricing upload endpoints from non-admin users
  • Webshell file creation in upload directories

Network Indicators:

  • HTTP POST requests to /wp-content/plugins/go_pricing/*/upload endpoints
  • Unusual outbound connections from WordPress server after file uploads

SIEM Query:

source="wordpress.log" AND http_method="POST" AND uri_path="/wp-content/plugins/go_pricing/*"
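The log indicators above can be turned into a small offline check. The following is an added example, not part of this advisory: it parses constructed web-server lines (a combined-log-like format with an assumed trailing `role=` field from the WordPress session) and flags POST requests under the go_pricing plugin path that were not made by an administrator. The request path in the sample is a constructed placeholder, since the plugin's actual upload endpoint is not given here.

```python
import re
from collections import Counter

# Constructed sample lines (not real logs). Format is combined-log-like with an
# assumed trailing "role=<wp_role>" field; the upload path is a placeholder.
SAMPLE_LOG = """\
203.0.113.10 - alice [12/May/2023:10:01:02 +0000] "POST /wp-content/plugins/go_pricing/example-handler/upload HTTP/1.1" 200 512 role=subscriber
203.0.113.11 - admin [12/May/2023:10:02:15 +0000] "POST /wp-content/plugins/go_pricing/example-handler/upload HTTP/1.1" 200 512 role=administrator
203.0.113.12 - bob [12/May/2023:10:03:44 +0000] "GET /wp-content/plugins/go_pricing/assets/style.css HTTP/1.1" 200 2048 role=subscriber
203.0.113.13 - carol [12/May/2023:10:04:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 128 role=editor
203.0.113.10 - alice [12/May/2023:10:05:30 +0000] "POST /wp-content/plugins/go_pricing/example-handler/upload HTTP/1.1" 200 512 role=subscriber
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ role=(?P<role>\S+)$'
)

# Any POST below the plugin directory is in scope, matching the SIEM query above.
PLUGIN_PREFIX = "/wp-content/plugins/go_pricing/"


def parse_line(line):
    """Return the parsed fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(event):
    """POST to the plugin path by a non-administrator: the page's log indicator."""
    return (
        event["method"] == "POST"
        and event["path"].startswith(PLUGIN_PREFIX)
        and event["role"] != "administrator"
    )


def find_suspicious(log_text):
    """Parse each line and keep the events that match the indicator."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and is_suspicious(event):
            hits.append(event)
    return hits


def summarize(hits):
    """Count hits per (user, source IP) so repeated upload attempts stand out."""
    return Counter((h["user"], h["ip"]) for h in hits)


if __name__ == "__main__":
    for (user, ip), n in summarize(find_suspicious(SAMPLE_LOG)).items():
        print(f"{user}@{ip}: {n} non-admin POST(s) to go_pricing")
```

Legitimate plugin POSTs by non-administrators will also match, so narrow `PLUGIN_PREFIX` to the actual upload endpoint once it is known in your deployment.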
