CVE-2015-2673 : The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax

The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.

Published 2017-10-06 22:29:01

Updated 2017-11-01 12:05:18

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2015-2673

Probability of exploitation activity in the next 30 days: 0.69%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2015-2673

WordPress WP EasyCart Plugin Privilege Escalation

Disclosure Date: 2015-02-25

First seen: 2020-04-26

auxiliary/admin/http/wp_easycart_privilege_escalation

The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows authenticated users of any user level to set any system option via a lack of validation in the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_aja

More information

CVSS scores for CVE-2015-2673

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-2673

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2673

http://blog.rastating.com/wp-easycart-privilege-escalation-information-disclosure/

WP EasyCart Privilege Escalation Information Disclosure | rastating.github.io
Exploit;Third Party Advisory

Products affected by CVE-2015-2673

Wpeasycart » Wp Easycart » Version: 1.2.9 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.9:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.8 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.8:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.7 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.7:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.6 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.6:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.2 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.2:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.3 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.3:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.4 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.4:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.5 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.5:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.20 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.20:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.21 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.21:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.22 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.22:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.0 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.0:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.13 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.13:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.14 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.14:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.15 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.15:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.16 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.16:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.17 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.17:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.30 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.30:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.31 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.31:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.32 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.32:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.33 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.33:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.12 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.12:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.13 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.13:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.14 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.14:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.15 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.15:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.1 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.1:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.16 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.16:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.15 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.15:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.14 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.14:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.0 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.0:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.1.36 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.1.36:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.1.35 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.1.35:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.1.34 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.1.34:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.11 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.11:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.12 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.12:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.13 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.13:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.14 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.14:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.15 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.15:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.5 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.5:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.6 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.6:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.7 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.7:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.8 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.8:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.22 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.22:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.23 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.23:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.24 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.24:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.25 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.25:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.2 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.2:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.3 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.3:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.4 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.4:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.5 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.5:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.6 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.6:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.9 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.9:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.1.30 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.1.30:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.20 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.20:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.13 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.13:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.11 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.11:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.4 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.4:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.2 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.2:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.1.32 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.1.32:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.1@824267 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.1\@824267:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.7 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.7:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.9 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.9:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.16 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.16:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.18 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.18:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.2 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.2:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.4 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.4:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.9 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.9:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.11 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.11:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.18 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.18:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.20 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.20:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.27 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.27:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.29 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.29:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.34 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.34:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.36 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.36:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.1 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.1:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.6 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.6:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.10 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.10:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.17 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.17:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.19 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.19:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.8 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.8:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.12 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.12:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.10 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.10:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.5 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.5:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.3 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.3:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.2.1 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.2.1:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.1.33 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.1.33:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 1.1.31 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:1.1.31:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.8 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.8:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.10 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.10:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.17 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.17:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.0.19 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.0.19:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.1 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.1:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.3 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.3:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.10 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.10:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.12 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.12:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.19 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.19:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.21 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.21:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.26 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.26:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.28 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.28:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 2.1.35 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:2.1.35:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.0 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.0:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.7 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.7:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.11 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.11:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.16 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.16:*:*:*:*:wordpress:*:*
Matching versions
Wpeasycart » Wp Easycart » Version: 3.0.18 For Wordpress
cpe:2.3:a:wpeasycart:wp_easycart:3.0.18:*:*:*:*:wordpress:*:*
Matching versions