Description

WordPress Plugin WP e-Commerce-Store Toolkit is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin WP e-Commerce-Store Toolkit version 2.0.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.2 or latest

References

http://www.pritect.net/blog/visser-labs-wordpress-plugins-multiple-vulnerabilities

https://wordpress.org/plugins/wp-e-commerce-store-toolkit/changelog/

Related Vulnerabilities

WordPress 4.7.x Denial of Service Vulnerability (4.7 - 4.7.9)

WordPress Plugin Admin Menu Tree Page View Multiple Vulnerabilities (2.6.9)

WordPress Plugin XCloner-Backup and Restore Cross-Site Request Forgery (3.1.0)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.21)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.3)

Severity

High

Classification

CWE-264

Tags

Missing Update Privilege Escalation