WordPress Plugin Vulnerabilities

WooCommerce <= 3.4.5 - Authenticated File Deletion to Privilege Escalation

Description

Attackers in control of a user with the shop manager role can delete certain files on the server and then take over any victim account.

Affects Plugins

Plugin icon
woocommerce
Fixed in 3.4.6

References

CVE
CVE-2018-20714
URL
https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/
URL
https://www.ripstech.com/php-security-calendar-2018/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.1 (high)

Miscellaneous

Original Researcher
Simon Scannell (RIPS Technologies)
Submitter
Simon Scannell
Submitter website
https://ripstech.com
Submitter twitter
@scannell_simon
Verified
No
WPVDB ID
ad7f42a7-1ffb-4613-864a-6ae3249d8e10

Timeline

Publicly Published
2018-10-11 (about 7 years ago)
Added
2018-11-07 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-09-06
Title
WPCOM Member < 1.5.3 - Unauthenticated Privilege Escalation via User Meta
Published
2025-03-13
Title
Realteo - Real Estate Plugin by Purethemes < 1.2.9 - Authentication Bypass via 'do_register_user'
Published
2025-03-31
Title
WP RealEstate < 1.6.27 - Unauthenticated Privilege Escalation via 'process_register'
Published
2026-01-16
Title
RegistrationMagic < 6.0.7.2 - Privilege Escalation via admin_order
Published
2020-01-16
Title
WP Database Reset < 3.15 - Privilege Escalation