21 matches found
WordPress Role Based Pricing for Woo by Meow Crew plugin <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WooCommerce Role Based Pricing by Meow Crew versions <= 1.6.0...
EUVD-2022-42903
Malicious code in bioql PyPI...
CVE-2022-3536
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...
CVE-2022-3537
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP...
WordPress WooCommerce Role Based Pricing by Meow Crew Plugin < 1.4.1 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Role Based Pricing by Meow Crew; Type: Plugin; Vulnerable versions: < 1.4.1; Fixed in: 1.4.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e917a5406972; Credits: Rafie...
CVE-2022-3536
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...
CVE-2022-3536
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...
CVE-2022-3537
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP...
Cross site request forgery (csrf)
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...
WordPress plugin Role Based Pricing for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A code issue vulnerability exists in the...
CVE-2022-3536
CVE-2022-3536 affects the WordPress plugin Role Based Pricing for WooCommerce versions prior to 1.6.3. The vulnerability arises from insufficient authorization checks, missing CSRF protection, and lack of validation for user-supplied file paths, enabling an authenticated user (e.g., a subscriber)...
CVE-2022-3537
The CVE concerns the WordPress plugin Role Based Pricing for WooCommerce, affected versions prior to 1.6.2. The root cause is inadequate authorization and CSRF protection, plus unvalidated file uploads, allowing any authenticated user (e.g., a subscriber) to upload arbitrary files such as PHP. Pu...
CVE-2022-3536 Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...
PT-2022-22771 · WordPress · Role Based Pricing For Woocommerce
Name of the Vulnerable Software and Affected Versions: Role Based Pricing for WooCommerce WordPress plugin versions prior to 1.6.2 Description: The issue allows any authenticated users, such as subscribers, to upload arbitrary files, including PHP, due to the lack of authorization, proper CSRF...
WordPress plugin Role Based Pricing for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A code issue vulnerability exists in the...
PT-2022-22760 · WordPress · Role Based Pricing For Woocommerce
Name of the Vulnerable Software and Affected Versions: Role Based Pricing for WooCommerce WordPress plugin versions prior to 1.6.3 Description: The issue concerns a lack of authorization and proper CSRF checks, as well as inadequate validation of paths provided via user input. This allows...
WordPress Role Based Pricing for WooCommerce premium plugin <= 1.6.1 - Auth. Arbitrary File Upload vulnerability
Auth. Arbitrary File Upload vulnerability discovered by WPScan in WordPress Role Based Pricing for WooCommerce premium plugin versions <= 1.6.1. Solution: Update the WordPress Role Based Pricing for WooCommerce plugin to the latest available version (at least 1.6.2)...
Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload
The plugin does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP. As a subscriber, open the HTML code below while being logged in as a subscriber, then choose a file to...
WordPress Role Based Pricing for WooCommerce premium plugin <= 1.6.2 - Auth. PHAR Deserialization vulnerability
Auth. PHAR Deserialization vulnerability discovered by WPScan in WordPress Role Based Pricing for WooCommerce premium plugin versions <= 1.6.2. Solution: Update the WordPress Role Based Pricing for WooCommerce plugin to the latest available version (at least 1.6.3)...
WordPress WooCommerce Role Based Pricing by Meow Crew plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Role Based Pricing by Meow Crew plugin versions <= 1.0.1. Solution: Update the WordPress WooCommerce Role Based Pricing by Meow Crew plugin to the latest available version (at least 1.0.2)...