← Back

CVE-2015-2673

nvd nist
Published: Oct 6, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.

Affected (105)

Wpeasycart
1 product
Wp Easycart
Configuration A
105 vulnerable
Vulnerable SoftwareAffected Versions
Wpeasycart
Wp Easycart
Version 1.1.30
Wp Easycart
Version 1.1.31
Wp Easycart
Version 1.1.32
Wp Easycart
Version 1.1.33
Wp Easycart
Version 1.1.34
Wp Easycart
Version 1.1.35
Wp Easycart
Version 1.1.36
Wp Easycart
Version 1.2.0
Wp Easycart
Version 1.2.10
Wp Easycart
Version 1.2.11
Wp Easycart
Version 1.2.12
Wp Easycart
Version 1.2.13
Wp Easycart
Version 1.2.14
Wp Easycart
Version 1.2.15
Wp Easycart
Version 1.2.16
Wp Easycart
Version 1.2.1
Wp Easycart
Version 1.2.2
Wp Easycart
Version 1.2.3
Wp Easycart
Version 1.2.4
Wp Easycart
Version 1.2.5
Wp Easycart
Version 1.2.6
Wp Easycart
Version 1.2.7
Wp Easycart
Version 1.2.8
Wp Easycart
Version 1.2.9
Wp Easycart
Version 2.0.10
Wp Easycart
Version 2.0.11
Wp Easycart
Version 2.0.12
Wp Easycart
Version 2.0.13
Wp Easycart
Version 2.0.14
Wp Easycart
Version 2.0.15
Wp Easycart
Version 2.0.16
Wp Easycart
Version 2.0.17
Wp Easycart
Version 2.0.18
Wp Easycart
Version 2.0.19
Wp Easycart
Version 2.0.1
Wp Easycart
Version 2.0.1@824267
Wp Easycart
Version 2.0.20
Wp Easycart
Version 2.0.21
Wp Easycart
Version 2.0.22
Wp Easycart
Version 2.0.2
Wp Easycart
Version 2.0.3
Wp Easycart
Version 2.0.4
Wp Easycart
Version 2.0.5
Wp Easycart
Version 2.0.6
Wp Easycart
Version 2.0.7
Wp Easycart
Version 2.0.8
Wp Easycart
Version 2.0.9
Wp Easycart
Version 2.1.0
Wp Easycart
Version 2.1.10
Wp Easycart
Version 2.1.11
Wp Easycart
Version 2.1.12
Wp Easycart
Version 2.1.13
Wp Easycart
Version 2.1.14
Wp Easycart
Version 2.1.15
Wp Easycart
Version 2.1.16
Wp Easycart
Version 2.1.17
Wp Easycart
Version 2.1.18
Wp Easycart
Version 2.1.19
Wp Easycart
Version 2.1.1
Wp Easycart
Version 2.1.20
Wp Easycart
Version 2.1.21
Wp Easycart
Version 2.1.22
Wp Easycart
Version 2.1.23
Wp Easycart
Version 2.1.24
Wp Easycart
Version 2.1.25
Wp Easycart
Version 2.1.26
Wp Easycart
Version 2.1.27
Wp Easycart
Version 2.1.28
Wp Easycart
Version 2.1.29
Wp Easycart
Version 2.1.2
Wp Easycart
Version 2.1.30
Wp Easycart
Version 2.1.31
Wp Easycart
Version 2.1.32
Wp Easycart
Version 2.1.33
Wp Easycart
Version 2.1.34
Wp Easycart
Version 2.1.35
Wp Easycart
Version 2.1.36
Wp Easycart
Version 2.1.3
Wp Easycart
Version 2.1.4
Wp Easycart
Version 2.1.5
Wp Easycart
Version 2.1.6
Wp Easycart
Version 2.1.7
Wp Easycart
Version 2.1.8
Wp Easycart
Version 2.1.9
Wp Easycart
Version 3.0.0
Wp Easycart
Version 3.0.10
Wp Easycart
Version 3.0.11
Wp Easycart
Version 3.0.12
Wp Easycart
Version 3.0.13
Wp Easycart
Version 3.0.14
Wp Easycart
Version 3.0.15
Wp Easycart
Version 3.0.16
Wp Easycart
Version 3.0.17
Wp Easycart
Version 3.0.18
Wp Easycart
Version 3.0.19
Wp Easycart
Version 3.0.1
Wp Easycart
Version 3.0.20
Wp Easycart
Version 3.0.2
Wp Easycart
Version 3.0.3
Wp Easycart
Version 3.0.4
Wp Easycart
Version 3.0.5
Wp Easycart
Version 3.0.6
Wp Easycart
Version 3.0.7
Wp Easycart
Version 3.0.8
Wp Easycart
Version 3.0.9

Related CWEs

CWE-264
CWE-264

References (2)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.