CVE-2015-2673

Name of the Vulnerable Software and Affected Versions WP EasyCart plugin versions 1.1.30 through 3.0.20

Description The issue allows remote attackers to gain administrator privileges and execute arbitrary code. This is achieved via the option name and option value parameters in the ec ajax update option and ec ajax clear all taxrates functions.

Recommendations For WP EasyCart plugin versions 1.1.30 through 3.0.20, consider disabling the ec ajax update option and ec ajax clear all taxrates functions in the inc/admin/admin ajax functions.php file until a patch is available. Restrict access to these functions to minimize the risk of exploitation. Avoid using the option name and option value parameters in the affected API endpoints until the issue is resolved.