Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin WooCommerce-Store Toolkit Privilege Escalation (1.5.6)

Description

WordPress Plugin WooCommerce-Store Toolkit is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions such as delete nearly all content of an affected website. WordPress Plugin WooCommerce-Store Toolkit version 1.5.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.5.7 or latest

References

http://pvagenas.com/vulnerabilities/woocommerce-store-toolkit-privilege-escalation/

https://www.exploit-db.com/exploits/39421/

http://seclists.org/bugtraq/2016/Feb/57

https://packetstormsecurity.com/files/135679/WordPress-WooCommerce-1.5.5-Privilege-Escalation.html

https://wordpress.org/plugins/woocommerce-store-toolkit/changelog/

Related Vulnerabilities

OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2016-2177)

Python Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2010-3493)

MySQL CVE-2020-2679 Vulnerability (CVE-2020-2679)

WordPress Plugin ALD-Dropshipping and Fulfillment for AliExpress and WooCommerce Multiple Vulnerabilities (1.0.21)

MySQL CVE-2024-21050 Vulnerability (CVE-2024-21050)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Privilege Escalation