PT-2017-6603 · Wp Easycart · Wp Easycart

Published

2017-10-06

Updated

2017-11-01

CVE-2015-2673

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions WP EasyCart plugin versions 1.1.30 through 3.0.20

Description The issue allows remote attackers to gain administrator privileges and execute arbitrary code. This is achieved via the option name and option value parameters in the ec ajax update option and ec ajax clear all taxrates functions.

Recommendations For WP EasyCart plugin versions 1.1.30 through 3.0.20, consider disabling the ec ajax update option and ec ajax clear all taxrates functions in the inc/admin/admin ajax functions.php file until a patch is available. Restrict access to these functions to minimize the risk of exploitation. Avoid using the option name and option value parameters in the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-2673

Affected Products

Wp Easycart

PT-2017-6603 · Wp Easycart · Wp Easycart

CVE-2015-2673

Weakness Enumeration

Related Identifiers

Affected Products

References · 4