WordPress Plugin Vulnerabilities

EasyCart <= 3.0.15 - Unrestricted File Upload

Description

In versions <= 3.0.8 this can be exploited by authenticating as any WordPress user, and in versions 3.0.9 - 3.0.15 can be exploited by passing a valid password hash being used by any admin in the EasyCart user system.

Affects Plugins

Plugin icon
wp-easycart
Fixed in 3.0.16

References

CVE
CVE-2014-9308
Exploitdb
35730
Exploitdb
36043
URL
exploit/unix/webapp/wp_easycart_unrestricted_file_upload
URL
https://packetstormsecurity.com/files/#129875/
URL
https://packetstormsecurity.com/files/#130328/

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
6c1c4f2f-61a9-4a18-b008-9a94048ec2a8

Timeline

Publicly Published
2015-02-11 (about 11 years ago)
Added
2015-01-08 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-06-14
Title
FooEvents for WooCommerce < 1.19.21 - Improper Authorization to (Contributor+) Arbitrary File Upload
Published
2015-02-12
Title
Photo Gallery <= 1.2.5 - Unrestricted File Upload
Published
2014-08-01
Title
Xerte Online <= 0.35 - File Upload
Published
2025-11-26
Title
Blubrry PowerPress < 11.15.3 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post'
Published
2025-06-02
Title
Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress < 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads