CVE-2022-3537 The Role Based Pricing plugin before 1.6.2 has no authorisation and validation for uploaded files, which allows anyone to upload arbitrary files, like PHP.

source code or backdoor scripts to execute. In order to prevent the threat of unauthorized modification of the plugin code and data, the developers of this plugin upgraded the code and published a new version 1.6.2 on May 15, 2018. Users of the old version should upgrade to the latest version 1.6.2 as soon as possible to eliminate the security risk. In addition to upgrading the code, the developers implemented a new feature that allows the plugin to check authorisation of the user who is attempting to upload a new file or edit an existing file, before allowing the user to proceed. You can learn more about how the Role Based Pricing for WooCommerce WordPress plugin 1.6.2 prevents the installation of malicious scripts in WordPress by upgrading the code and implementing the new feature in the installation guide.

How Role Based Pricing for WooCommerce WordPress Plugin Works?

This plugin provides two security features: 1) the plugin prevents malicious scripts from being uploaded or executed on your site by upgrading the code and implementing the new feature. 2) The plugin also requires authorization before an upload or edit to a file is allowed to proceed.
The Role Based Pricing for WooCommerce WordPress plugin v1.6.2 ensures that people who are using this plugin are not installing malicious scripts that can harm your website.

Role Based Pricing for WooCommerce WordPress Plugin 1.6.2

As the number of WordPress websites continues to grow, the number of malicious scripts uploaded to these websites has been increasing as well. In order to prevent this threat, developers implemented a new feature in the Role Based Pricing for WooCommerce WordPress plugin 1.6.2 that prevents the installation of malicious scripts in WordPress. This new feature requires users to provide authorisation before they can proceed with their installation or editing of files in their plugin settings page. The Role Based Pricing for WooCommerce WordPress plugin 1.6.2 can be downloaded from the official website and is already available for use on your website.

Timeline

Published on: 11/07/2022 10:15:00 UTC
Last modified on: 11/09/2022 06:08:00 UTC

References

• https://wpscan.com/vulnerability/696868f7-409d-422d-87f4-92fc6bf6e74e
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3537