WordPress Plugin Vulnerabilities

EasyCart 1.1.30 - 3.0.20 - Privilege Escalation

Description

Due to a lack of validation in the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_ajax_functions.php, it is possible to update any WordPress option as an authenticated non-admin user, which can in turn lead to privilege escalation and remote code execution.

Affects Plugins

Plugin icon
wp-easycart
Fixed in 3.0.21

References

CVE
CVE-2015-2673
URL
https://rastating.github.io/wp-easycart-privilege-escalation-information-disclosure

Miscellaneous

Submitter
Rob Carr
Submitter website
http://blog.rastating.com/
Submitter twitter
iamrastating
Verified
No
WPVDB ID
5f951b86-bf79-4992-890f-119345ec906f

Timeline

Publicly Published
2015-02-26 (about 9 years ago)
Added
2015-02-26 (about 9 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2019-04-24
Title
WP Database Backup < 5.2 - Unauthenticated OS Command Injection
Published
2019-02-11
Title
Simple Social Buttons 2.0.4-2.0.21 - Authenticated Option Injection
Published
2019-05-06
Title
W3 Total Cache < 0.9.7.4 - Cryptographic Signature Bypass
Published
2014-09-22
Title
Wordfence 5.2.3 - Banned IP Functionality Bypass
Published
2022-11-21
Title
All In One WP Security & Firewall < 5.0.8 - IP Spoofing