cbcvebase.
CVE-2015-2673
published 2017-10-06

CVE-2015-2673: The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for…

PriorityP270high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
18.93%
96.9th percentile
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.

Affected

105 ranges· showing 25
VendorProductVersion rangeFixed in
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart
wpeasycartwp_easycart

Detection & IOCsextracted from sources · hover to see the quote

path/inc/admin/admin_ajax_functions.php
  • Monitor POST requests targeting ec_ajax_update_option or ec_ajax_clear_all_taxrates WordPress AJAX actions, particularly with option_name/option_value parameters that modify privileged settings such as admin email, user registration toggle, or default user role.
  • Alert on WordPress option changes (option_name = default_role set to 'administrator', or users_can_register enabled) originating from low-privileged authenticated sessions, as these are the specific option manipulations used in this exploit chain.
  • Correlate admin email address changes followed immediately by new user registrations with administrator role — this two-step pattern (suppress notification, then register admin account) is the hallmark of this exploit.
  • ·The vulnerability affects WP EasyCart plugin versions 1.1.30 through 3.0.20 only; verify installed plugin version before applying detections to avoid false positives on patched installations.
  • ·Exploitation requires the attacker to already hold any level of authenticated WordPress session; unauthenticated exploitation is not indicated by the sources.

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.