CVE-2023-2496
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.
We have discovered 11,228 live websites that are affected by CVE-2023-2496.
Affected Software
| Product |  Go Pricing |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,228 live websites (100% of Go Pricing install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Details
- Published - May 23, 2023
- Updated - Jan 13, 2025
Credits
- Lana Codes (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2023-2496 United States | 2,899 websites |
 Germany | 1,024 websites |
 Italy | 731 websites |
 France | 712 websites |
 GB | 554 websites |
 Russia | 492 websites |
 Spain | 471 websites |
 Netherlands | 398 websites |
 Poland | 268 websites |
 Australia | 238 websites |
Website Distribution by TLD
Number of websites using CVE-2023-2496| .com | 4,667 websites |
| .de | 569 websites |
| .it | 534 websites |
| .ru | 390 websites |
| .co.uk | 342 websites |
| .nl | 341 websites |
| .org | 316 websites |
| .fr | 249 websites |
| .net | 246 websites |
| .es | 235 websites |
Websites affected by CVE-2023-2496
Top websites that are affected by CVE-2023-2496. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| ********.com |  Bulgaria | **,*** | |
| ***********.com | United States | **,*** | |
| *******.hu |  Hungary | **,*** | |
| ****.***.uk | United States | **,*** | |
| *******.eu | Hungary | **,*** | |
| ************************.com | United States | **,*** | |
| ********.com |  Singapore | ***,*** |
FAQ
A total of 11,228 websites have been identified as vulnerable to CVE-2023-2496, based on global website indexing conducted by WebTechSurvey.
The Go Pricing is affected by the CVE-2023-2496 vulnerability.
Go Pricing versions up to and including 3.3.19 are vulnerable to CVE-2023-2496.