PT-2020-20629 · Supsystic · Pricing-Table-By-Supsystic

Published: 2020-03-23 · Updated: 2020-03-25 · CVE-2020-9392

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

pricing-table-by-supsystic plugin versions prior to 1.8.2

Description

An issue in the pricing-table-by-supsystic plugin allows unauthenticated users to access sensitive information due to the lack of permission checks on certain endpoints. Specifically, the "ImportJSONTable", "createFromTpl", and "getJSONExportTable" endpoints are vulnerable, enabling unauthorized users to retrieve pricing table information, create new tables, or import and modify existing tables.

Recommendations

For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "ImportJSONTable", "createFromTpl", and "getJSONExportTable" endpoints until the update can be applied.

Exploit

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2020-9392

Affected Products

Pricing-Table-By-Supsystic