CVE-2022-3536

CVE-2022-3536: Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization

Vendor Unknown
Product Role Based Pricing for WooCommerce
Weakness CWE-502 · Deserialization of Untrusted Data
Published November 7, 2022
Last update May 1, 2025

Description

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 lacks authorisation and proper CSRF checks, and does not validate a file path supplied via user input. Any authenticated user, such as a subscriber, can therefore perform a PHAR deserialization attack, provided they can upload a file to the site and a suitable gadget chain is present on the blog.
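As an added illustration (not code from the Role Based Pricing for WooCommerce plugin), the following hypothetical WordPress AJAX handlers show the class of bug the advisory describes and the three fixes it implies: a capability check, a nonce check, and path validation that rejects stream wrappers before any filesystem call sees the string. Every function and action name prefixed `rbp_demo_` is invented for this example.

```php
<?php
// Added example, not the plugin's code. Hypothetical handlers:
// rbp_demo_vulnerable_handler shows the bug class, rbp_demo_hardened_handler the fix.

// VULNERABLE: no capability check, no nonce, attacker-controlled path passed to a
// filesystem function. On PHP < 8.0, file_exists('phar://...') parses the archive's
// metadata and unserializes it, so an uploaded .phar (renamed, e.g. to .jpg) fires
// whatever gadget chain the site's other plugins and libraries provide.
function rbp_demo_vulnerable_handler() {
    $path = isset($_POST['file']) ? $_POST['file'] : '';
    if (file_exists($path)) {            // phar:// wrapper is resolved here
        $data = file_get_contents($path);
        wp_send_json_success(array('size' => strlen($data)));
    }
    wp_send_json_error('not found');
}
add_action('wp_ajax_rbp_demo_vulnerable', 'rbp_demo_vulnerable_handler');

// HARDENED: authorisation, CSRF token, then path validation.
function rbp_demo_hardened_handler() {
    // 1. Authorisation: a subscriber must not reach this code at all.
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error('forbidden', 403);
    }
    // 2. CSRF: nonce bound to this action; check_ajax_referer() dies on failure.
    check_ajax_referer('rbp_demo_action', 'nonce');

    // 3. Path validation before any filesystem call.
    $requested = isset($_POST['file']) ? wp_unslash($_POST['file']) : '';
    $safe = rbp_demo_resolve_upload_path($requested);
    if ($safe === false) {
        wp_send_json_error('invalid path', 400);
    }
    $data = file_get_contents($safe);
    wp_send_json_success(array('size' => strlen($data)));
}
add_action('wp_ajax_rbp_demo_hardened', 'rbp_demo_hardened_handler');

/**
 * Returns an absolute path confined to wp-content/uploads, or false.
 * Rejects any stream wrapper (phar://, php://, data://, ...) by string inspection,
 * so the wrapper is never handed to file_exists()/realpath(), then confines the
 * resolved path to the uploads tree.
 */
function rbp_demo_resolve_upload_path($requested) {
    if (!is_string($requested) || $requested === '') {
        return false;
    }
    // Any scheme-like prefix is a stream wrapper; match case-insensitively so
    // "PHAR://" and "Phar://" are caught too.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $requested)) {
        return false;
    }
    // NUL bytes can truncate the path in lower layers.
    if (strpos($requested, "\0") !== false) {
        return false;
    }
    $base      = wp_normalize_path(wp_upload_dir()['basedir']);
    $candidate = realpath($base . '/' . ltrim($requested, '/\\'));
    if ($candidate === false) {
        return false;                     // missing file or unresolvable path
    }
    $candidate = wp_normalize_path($candidate);
    // Block ../ escapes and symlinks that resolve outside the uploads directory.
    if (strpos($candidate, trailingslashit($base)) !== 0) {
        return false;
    }
    return $candidate;
}
```

The wrapper check runs on the raw string, before `realpath()`, because `realpath()` and `file_exists()` are exactly the calls that trigger PHAR metadata deserialization on affected PHP versions; validating after the fact is too late. The capability and nonce checks come first so that an unprivileged account never reaches the path-handling code at all, which is the layer the advisory says was missing.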

Disclosure timeline

November 7, 2022 CVE published
May 1, 2025 Record updated
