2 matches found
CVE-2022-3536
CVE-2022-3536 affects the WordPress plugin Role Based Pricing for WooCommerce versions prior to 1.6.3. The vulnerability arises from insufficient authorization checks, missing CSRF protection, and lack of validation for user-supplied file paths, enabling an authenticated user (e.g., a subscriber)...
CVE-2022-3537
The CVE concerns the WordPress plugin Role Based Pricing for WooCommerce, affected versions prior to 1.6.2. The root cause is inadequate authorization and CSRF protection, plus unvalidated file uploads, allowing any authenticated user (e.g., a subscriber) to upload arbitrary files such as PHP. Pu...