The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/696868f7-409d-422d-87f4-92fc6bf6e74e | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/696868f7-409d-422d-87f4-92fc6bf6e74e | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/696868f7-409d-422d-87f4-92fc6bf6e74e - Exploit, Third Party Advisory |
09 Nov 2022, 06:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:addify:role_based_pricing_for_woocommerce:*:*:*:*:*:wordpress:*:* | |
References | (CONFIRM) https://wpscan.com/vulnerability/696868f7-409d-422d-87f4-92fc6bf6e74e - Exploit, Third Party Advisory |
07 Nov 2022, 13:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-07 10:15
Updated : 2024-11-21 07:19
NVD link : CVE-2022-3537
Mitre link : CVE-2022-3537
CVE.ORG link : CVE-2022-3537
JSON object : View
Products Affected
addify
- role_based_pricing_for_woocommerce