Description
WordPress Plugin WooCommerce-Store Toolkit is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions such as delete nearly all content of an affected website. WordPress Plugin WooCommerce-Store Toolkit version 1.5.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.5.7 or latest
References
http://pvagenas.com/vulnerabilities/woocommerce-store-toolkit-privilege-escalation/
https://www.exploit-db.com/exploits/39421/
http://seclists.org/bugtraq/2016/Feb/57
https://packetstormsecurity.com/files/135679/WordPress-WooCommerce-1.5.5-Privilege-Escalation.html
https://wordpress.org/plugins/woocommerce-store-toolkit/changelog/
Related Vulnerabilities
Oracle JRE CVE-2013-2426 Vulnerability (CVE-2013-2426)
WordPress Plugin WP SEO Redirect 301 Cross-Site Request Forgery (2.3.1)
WordPress Inadequate Encryption Strength Vulnerability (CVE-2012-6707)
RubyGems Improper Verification of Cryptographic Signature Vulnerability (CVE-2018-1000076)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.9.12)