Primary

Context

WP EasyCart Shopping Cart & eCommerce Store Missing Authorization Vulnerability

Vulnerability

Patched

A vulnerability exists in the WP EasyCart Shopping Cart & eCommerce Store plugin for WordPress, in all versions through 5.7.8. The issue arises from a missing capability check on the webhook function, allowing unauthorized users to modify order statuses. This vulnerability could be exploited by unauthenticated attackers to change order statuses without proper authorization.

Impact

Exploitation of this vulnerability allows for unauthorized modification of order statuses, which could disrupt the order management process and potentially lead to financial discrepancies.

Remediation

Users can update to version 5.7.9 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP EasyCart Shopping Cart & eCommerce Store Missing Authorization Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WP EasyCart

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating