CVE-2015-2673
published 2017-10-06CVE-2015-2673: The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for…
PriorityP270high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
18.93%
96.9th percentile
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.
Affected
105 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
| wpeasycart | wp_easycart | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor POST requests targeting ec_ajax_update_option or ec_ajax_clear_all_taxrates WordPress AJAX actions, particularly with option_name/option_value parameters that modify privileged settings such as admin email, user registration toggle, or default user role. ↗
- →Alert on WordPress option changes (option_name = default_role set to 'administrator', or users_can_register enabled) originating from low-privileged authenticated sessions, as these are the specific option manipulations used in this exploit chain. ↗
- →Correlate admin email address changes followed immediately by new user registrations with administrator role — this two-step pattern (suppress notification, then register admin account) is the hallmark of this exploit. ↗
- ·The vulnerability affects WP EasyCart plugin versions 1.1.30 through 3.0.20 only; verify installed plugin version before applying detections to avoid false positives on patched installations. ↗
- ·Exploitation requires the attacker to already hold any level of authenticated WordPress session; unauthenticated exploitation is not indicated by the sources. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2017-10-06
Published