EasyCart 1.1.30 - 3.0.20 - Privilege Escalation

Sign up to our free email alerts service for instant vulnerability notifications!

Description
Due to a lack of validation in the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_ajax_functions.php, it is possible to update any WordPress option as an authenticated non-admin user, which can in turn lead to privilege escalation and remote code execution.

Affects

Plugin wp-easycart
fixed in version 3.0.21

References

URL http://blog.rastating.com/wp-easycart-privilege-escalation-information-disclosure/

Classification

Type BYPASS

Miscellaneous

Submitter Rob Carr
Submitter Website http://blog.rastating.com/
Submitter Twitter iamrastating
Views 119
Verified No
WPVDB ID 7808

Timeline

Publicly Published 2015-02-26 (almost 2 years ago)
Added 2015-02-26 (almost 2 years ago)
Last Updated 2015-05-15 (over 1 year ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.