CVE-2025-11457

Name of the Vulnerable Software and Affected Versions EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin versions 0.9.0-beta2 through 1.5.0

Description The EasyCommerce plugin for WordPress has a flaw where the /easycommerce/v1/orders API endpoint does not adequately limit user role selection during registration. This allows unauthenticated attackers to obtain administrator-level access to a vulnerable website. The POST request to this endpoint enables attackers to register with administrative privileges without authentication.

Recommendations Versions 0.9.0-beta2 through 1.5.0 should be updated to a newer, secure version.