The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the validate_upload function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected sites server which may make remote code execution possible.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Go_pricing | Granthweb | * | 3.3.19 (including) |