WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)

Description

WordPress Plugin Shopping Cart & eCommerce Store is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently update any WordPress options. WordPress Plugin Shopping Cart & eCommerce Store version 3.0.20 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.0.22 or latest

References

https://www.rastating.com/wp-easycart-privilege-escalation-information-disclosure/

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb

Related Vulnerabilities

WordPress Plugin EWWW Image Optimizer Cross-Site Request Forgery (5.8.1)

Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)

WordPress Plugin I Recommend This SQL Injection (3.7.2)

WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7)

WordPress Plugin EU Cookie Law for GDPR/CCPA Cross-Site Scripting (3.1.6)

Severity

High

Classification

CVE-2015-2673 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Tags

Missing Update Authentication Bypass