EasyCart 1.1.30 - 3.0.20 - Privilege Escalation



Description
Due to a lack of validation in the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_ajax_functions.php, it is possible to update any WordPress option as an authenticated non-admin user, which can in turn lead to privilege escalation and remote code execution.

Affects Plugin

fixed in version 3.0.21

References

URL https://rastating.github.io/wp-easycart-privilege-escalation-information-disclosure

Classification

Type BYPASS

Miscellaneous

Submitter Rob Carr
Submitter Website http://blog.rastating.com/
Submitter Twitter iamrastating
Views 3871
Verified No
WPVDB ID 7808

Timeline

Publicly Published 2015-02-26 (over 4 years ago)
Added 2015-02-26 (over 4 years ago)
Last Updated 2019-02-18 (5 months ago)