Description

WordPress Plugin WP e-Commerce-Store Exporter is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin WP e-Commerce-Store Exporter version 1.6.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.6.7 or latest

References

http://www.pritect.net/blog/visser-labs-wordpress-plugins-multiple-vulnerabilities

https://wordpress.org/plugins/wp-e-commerce-exporter/changelog/

Related Vulnerabilities

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.10)

WordPress Plugin uCan Post Multiple HTML Injection Vulnerabilities (1.0.09)

WordPress Plugin Centrora Security Multiple Vulnerabilities (6.5.6)

WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)

WordPress Plugin WP-Matomo (WP-Piwik) Cross-Site Scripting (1.0.10)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Privilege Escalation