CVE-2023-2500
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
We have discovered 11,228 live websites that are affected by CVE-2023-2500.
Affected Software
| Product |  Go Pricing |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,228 live websites (100% of Go Pricing install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Details
- Published - May 24, 2023
- Updated - Jan 13, 2025
Credits
- Lana Codes (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2023-2500 United States | 2,899 websites |
 Germany | 1,024 websites |
 Italy | 731 websites |
 France | 712 websites |
 GB | 554 websites |
 Russia | 492 websites |
 Spain | 471 websites |
 Netherlands | 398 websites |
 Poland | 268 websites |
 Australia | 238 websites |
Website Distribution by TLD
Number of websites using CVE-2023-2500| .com | 4,667 websites |
| .de | 569 websites |
| .it | 534 websites |
| .ru | 390 websites |
| .co.uk | 342 websites |
| .nl | 341 websites |
| .org | 316 websites |
| .fr | 249 websites |
| .net | 246 websites |
| .es | 235 websites |
Websites affected by CVE-2023-2500
Top websites that are affected by CVE-2023-2500. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| *******.com | United States | **,*** | |
| ********.com |  Bulgaria | **,*** | |
| ***********.com | United States | **,*** | |
| *******.hu |  Hungary | **,*** | |
| ****.***.uk | United States | **,*** | |
| *******.eu | Hungary | **,*** | |
| ************************.com | United States | **,*** | |
| ********.com |  Singapore | ***,*** |
FAQ
A total of 11,228 websites have been identified as vulnerable to CVE-2023-2500, based on global website indexing conducted by WebTechSurvey.
The Go Pricing is affected by the CVE-2023-2500 vulnerability.
Go Pricing versions up to and including 3.3.19 are vulnerable to CVE-2023-2500.