{"api_version":"1","generated_at":"2026-04-23T12:00:10+00:00","cve":"CVE-2020-9392","urls":{"html":"https://cve.report/CVE-2020-9392","api":"https://cve.report/api/cve/CVE-2020-9392.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-9392","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-9392"},"summary":{"title":"CVE-2020-9392","description":"An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-03-23 17:15:00","updated_at":"2020-03-25 15:08:00"},"problem_types":["CWE-276"],"metrics":[],"references":[{"url":"https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/","name":"https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Multiple Vulnerabilities Patched in Pricing Table by Supsystic Plugin","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-9392","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9392","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"9392","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"supsystic","cpe5":"pricing_table_by_supsystic","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9392","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"supsystic","cpe5":"pricing_table_by_supsystic","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-9392","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/","url":"https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:N/S:U/UI:N","version":"3.0"}}},"nvd":{"publishedDate":"2020-03-23 17:15:00","lastModifiedDate":"2020-03-25 15:08:00","problem_types":["CWE-276"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":7.3,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:supsystic:pricing_table_by_supsystic:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.8.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"9392","Ordinal":"169779","Title":"CVE-2020-9392","CVE":"CVE-2020-9392","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"9392","Ordinal":"1","NoteData":"An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"9392","Ordinal":"2","NoteData":"2020-03-23","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"9392","Ordinal":"3","NoteData":"2020-03-23","Type":"Other","Title":"Modified"}]}}}