Description

WordPress Plugin WooCommerce-Store Toolkit is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions such as delete nearly all content of an affected website. WordPress Plugin WooCommerce-Store Toolkit version 1.5.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.5.7 or latest

References

http://pvagenas.com/vulnerabilities/woocommerce-store-toolkit-privilege-escalation/

https://www.exploit-db.com/exploits/39421/

http://seclists.org/bugtraq/2016/Feb/57

https://packetstormsecurity.com/files/135679/WordPress-WooCommerce-1.5.5-Privilege-Escalation.html

https://wordpress.org/plugins/woocommerce-store-toolkit/changelog/

Related Vulnerabilities

WordPress Plugin WORDPRESS VIDEO GALLERY Multiple Vulnerabilities (2.3.1)

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Security Bypass (1.1.4.5)

WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Multiple Vulnerabilities (3.0.8)

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Upload (1.2.1)

WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.1)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Tags

Missing Update Privilege Escalation