CVE-2015-2673

critical-risk
Published 2017-10-06

The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.

Do I need to act?

63.8% chance of exploitation in next 30 days
EPSS score — higher than 36% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Wp Easycart

Affected Vendors

79 / 100
critical-risk
Severity 30/34 · Critical
Exploitability 19/34 · Moderate
Exposure 30/34 · Critical