CVE-2020-9394: 
WordPress vulnerability analysis and mitigation

An issue was discovered in the pricing-table-by-supsystic plugin before version 1.8.2 for WordPress. The vulnerability allows Cross-Site Request Forgery (CSRF) attacks. The issue was discovered and disclosed on February 25, 2020, affecting the pricing table functionality in WordPress installations (WordPress Plugin).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is classified as CWE-352: Cross-Site Request Forgery (CSRF). Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table (WPScan).

The vulnerability allows attackers to perform unauthorized actions on behalf of authenticated users, potentially leading to the exposure of pricing table information, creation of unauthorized tables, and modification of existing tables. This could result in data manipulation and unauthorized access to sensitive pricing information (WPScan).

The vulnerability has been patched in version 1.8.2 of the pricing-table-by-supsystic plugin. Users are strongly advised to update to this version or later to mitigate the risk. No workarounds are available for earlier versions (WordPress Plugin).