CVE-2022-3537: Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload

Vendor: Unknown
Product: Role Based Pricing for WooCommerce
Weakness: CWE-434 (Unrestricted file upload)
Published: November 7, 2022
Last update: May 1, 2025

What the vulnerability does

01 Description

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 lacks authorisation and proper CSRF checks and does not validate files to be uploaded, allowing any authenticated user, such as a subscriber, to upload arbitrary files, such as PHP

Key dates

02 Disclosure timeline

November 7, 2022: CVE published
May 1, 2025: Record updated