CVE-2015-2673

high
Published 2017-10-06 · Modified 2026-05-13
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
8.8

Description

The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor        Product        Versions         Fixed
wpeasycart    wp_easycart    1.1.30
wpeasycart    wp_easycart    1.1.31
wpeasycart    wp_easycart    1.1.32
wpeasycart    wp_easycart    1.1.33
wpeasycart    wp_easycart    1.1.34
wpeasycart    wp_easycart    1.1.35
wpeasycart    wp_easycart    1.1.36
wpeasycart    wp_easycart    1.2.0
wpeasycart    wp_easycart    1.2.1
wpeasycart    wp_easycart    1.2.2
wpeasycart    wp_easycart    1.2.3
wpeasycart    wp_easycart    1.2.4
wpeasycart    wp_easycart    1.2.5
wpeasycart    wp_easycart    1.2.6
wpeasycart    wp_easycart    1.2.7
wpeasycart    wp_easycart    1.2.8
wpeasycart    wp_easycart    1.2.9
wpeasycart    wp_easycart    1.2.10
wpeasycart    wp_easycart    1.2.11
wpeasycart    wp_easycart    1.2.12
wpeasycart    wp_easycart    1.2.13
wpeasycart    wp_easycart    1.2.14
wpeasycart    wp_easycart    1.2.15
wpeasycart    wp_easycart    1.2.16
wpeasycart    wp_easycart    2.0.1
wpeasycart    wp_easycart    2.0.1@824267
wpeasycart    wp_easycart    2.0.2
wpeasycart    wp_easycart    2.0.3
wpeasycart    wp_easycart    2.0.4
wpeasycart    wp_easycart    2.0.5
wpeasycart    wp_easycart    2.0.6
wpeasycart    wp_easycart    2.0.7
wpeasycart    wp_easycart    2.0.8
wpeasycart    wp_easycart    2.0.9
wpeasycart    wp_easycart    2.0.10
wpeasycart    wp_easycart    2.0.11
wpeasycart    wp_easycart    2.0.12
wpeasycart    wp_easycart    2.0.13
wpeasycart    wp_easycart    2.0.14
wpeasycart    wp_easycart    2.0.15
wpeasycart    wp_easycart    2.0.16
wpeasycart    wp_easycart    2.0.17
wpeasycart    wp_easycart    2.0.18
wpeasycart    wp_easycart    2.0.19
wpeasycart    wp_easycart    2.0.20
wpeasycart    wp_easycart    2.0.21
wpeasycart    wp_easycart    2.0.22
wpeasycart    wp_easycart    2.1.0
wpeasycart    wp_easycart    2.1.1
wpeasycart    wp_easycart    2.1.2
wpeasycart    wp_easycart    2.1.3
wpeasycart    wp_easycart    2.1.4
wpeasycart    wp_easycart    2.1.5
wpeasycart    wp_easycart    2.1.6
wpeasycart    wp_easycart    2.1.7
wpeasycart    wp_easycart    2.1.8
wpeasycart    wp_easycart    2.1.9
wpeasycart    wp_easycart    2.1.10
wpeasycart    wp_easycart    2.1.11
wpeasycart    wp_easycart    2.1.12
wpeasycart    wp_easycart    2.1.13
wpeasycart    wp_easycart    2.1.14
wpeasycart    wp_easycart    2.1.15
wpeasycart    wp_easycart    2.1.16
wpeasycart    wp_easycart    2.1.17
wpeasycart    wp_easycart    2.1.18
wpeasycart    wp_easycart    2.1.19
wpeasycart    wp_easycart    2.1.20
wpeasycart    wp_easycart    2.1.21
wpeasycart    wp_easycart    2.1.22
wpeasycart    wp_easycart    2.1.23
wpeasycart    wp_easycart    2.1.24
wpeasycart    wp_easycart    2.1.25
wpeasycart    wp_easycart    2.1.26
wpeasycart    wp_easycart    2.1.27
wpeasycart    wp_easycart    2.1.28
wpeasycart    wp_easycart    2.1.29
wpeasycart    wp_easycart    2.1.30
wpeasycart    wp_easycart    2.1.31
wpeasycart    wp_easycart    2.1.32
wpeasycart    wp_easycart    2.1.33
wpeasycart    wp_easycart    2.1.34
wpeasycart    wp_easycart    2.1.35
wpeasycart    wp_easycart    2.1.36
wpeasycart    wp_easycart    3.0.0
wpeasycart    wp_easycart    3.0.1
wpeasycart    wp_easycart    3.0.2
wpeasycart    wp_easycart    3.0.3
wpeasycart    wp_easycart    3.0.4
wpeasycart    wp_easycart    3.0.5
wpeasycart    wp_easycart    3.0.6
wpeasycart    wp_easycart    3.0.7
wpeasycart    wp_easycart    3.0.8
wpeasycart    wp_easycart    3.0.9
wpeasycart    wp_easycart    3.0.10
wpeasycart    wp_easycart    3.0.11
wpeasycart    wp_easycart    3.0.12
wpeasycart    wp_easycart    3.0.13
wpeasycart    wp_easycart    3.0.14
wpeasycart    wp_easycart    3.0.15
wpeasycart    wp_easycart    3.0.16
wpeasycart    wp_easycart    3.0.17
wpeasycart    wp_easycart    3.0.18
wpeasycart    wp_easycart    3.0.19
wpeasycart    wp_easycart    3.0.20

References

CWEs

CWE-264