CVE-2023-2496: 
WordPress vulnerability analysis and mitigation

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress versions below 3.4 contains a vulnerability related to incorrect authorization in its file upload feature. The vulnerability was discovered and publicly disclosed on May 23, 2023, affecting websites using this popular pricing table plugin (WPScan).

The vulnerability stems from improper authorization controls in the file upload functionality. This security flaw allows authenticated users with specific roles defined by the administrator to upload arbitrary files to the system. The vulnerability has been assigned a CVSS score of 7.1 (High) and is classified under CWE-863 (Incorrect Authorization). The issue falls under the OWASP Top 10 category A5: Broken Access Control (WPScan).

The vulnerability could potentially allow authenticated users to upload malicious files to the WordPress installation, which could lead to unauthorized code execution or other security compromises depending on the type of files uploaded and the server configuration (WPScan).

The vulnerability has been patched in version 3.4 of the Go Pricing plugin, released on May 23, 2023. Website administrators are strongly advised to update to this version or later to protect against potential exploitation. The update includes security improvements and stricter user capability verification for various plugin functions (CodeCanyon).