CVE-2015-2673

HIGH

Wpeasycart WP Easycart - Access Control

Title source: rule

Description

The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.

Exploits (1)

metasploit WORKING POC

by rastating · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] http://blog.rastating.com/wp-easycart-privilege-escalation-information-disclosure/

Scores

CVSS v3 8.8

EPSS 0.6377

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (50)

wpeasycart/wp_easycart 1.1.30

wpeasycart/wp_easycart 1.1.31

wpeasycart/wp_easycart 1.1.32

wpeasycart/wp_easycart 1.1.33

wpeasycart/wp_easycart 1.1.34

wpeasycart/wp_easycart 1.1.35

wpeasycart/wp_easycart 1.1.36

wpeasycart/wp_easycart 1.2.0

wpeasycart/wp_easycart 1.2.1

wpeasycart/wp_easycart 1.2.2

... and 40 more

Published Oct 06, 2017

Tracked Since Feb 18, 2026