CVE-2020-9392: 
WordPress vulnerability analysis and mitigation

A security vulnerability was discovered in the pricing-table-by-supsystic WordPress plugin versions before 1.8.2. The vulnerability, identified as CVE-2020-9392, was disclosed on February 25, 2020. The issue stems from missing permission checks on multiple endpoints including ImportJSONTable, createFromTpl, and getJSONExportTable (NVD, CVE Mitre).

The vulnerability is classified with a CVSS v3.1 base score of 7.3 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. The security issue is categorized under CWE-276 (Incorrect Default Permissions). The vulnerability exists due to the absence of proper authorization checks on several critical endpoints that handle table operations (NVD).

The vulnerability allows unauthenticated users to perform unauthorized actions including retrieving pricing table information, creating new tables, and importing or modifying existing tables. This presents a significant security risk as it could lead to unauthorized access and manipulation of pricing data (NVD).

The vulnerability has been patched in version 1.8.2 of the pricing-table-by-supsystic plugin. Users are advised to update to this version or later to mitigate the security risk (Wordfence Blog).