CVE-2023-2496
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.
We have discovered 12,603 live websites that are affected by CVE-2023-2496.
Affected Software
| Product |  Go Pricing |
| Category | Wordpress Plugins |
| Vulnerable Domains | 12,603 live websites (68.43% of Go Pricing install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 43 versions ( 84.31% of all versions) |
Details
- Published - May 23, 2023
- Updated - Jan 13, 2025
Credits
- Lana Codes (finder)
CVE References
CVE-2023-2496 usage by Country
 United States | 3,891 websites |
 Germany | 1,371 websites |
 France | 944 websites |
 Russia | 526 websites |
 GB | 520 websites |
 Spain | 476 websites |
 Netherlands | 440 websites |
 Italy | 417 websites |
 Poland | 311 websites |
 Australia | 231 websites |
CVE-2023-2496 usage by TLD
| .com | 5,329 websites |
| .de | 649 websites |
| .ru | 422 websites |
| .nl | 408 websites |
| .co.uk | 381 websites |
| .it | 380 websites |
| .org | 370 websites |
| .fr | 288 websites |
| .net | 277 websites |
| .es | 259 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-2496
Top websites that are affected by CVE-2023-2496. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| ********.com |  Bulgaria | **,*** | |
| ***********.com | United States | **,*** | |
| *******.hu |  Hungary | **,*** | |
| ****.***.uk | United States | **,*** | |
| *******.eu | Hungary | **,*** | |
| ********.com |  Singapore | ***,*** |
FAQ
A total of 12,603 websites have been identified as vulnerable to CVE-2023-2496, discovered through global website indexing conducted by WebTechSurvey.
Go Pricing is susceptible to CVE-2023-2496 vulnerability.
Go Pricing versions before, and including, 3.3.19 are vulnerable to CVE-2023-2496.