Skip to main content

Incorrect Default Permissions

CVE-2020-9392

Severity High
Score 7.3/10

Summary

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • LOW

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

  • Published