Primary

Context

ECPay Ecommerce for WooCommerce Missing Authorization Vulnerability Allowing Log Deletion

Vulnerability

Patched

A vulnerability exists in the ECPay Ecommerce for WooCommerce plugin for WordPress, in all versions through 1.1.2411060. The issue arises from a lack of proper capability checks on the 'clear_ecpay_debug_log' AJAX action. This flaw enables authenticated attackers with Subscriber-level access or higher to delete the plugin's log files, leading to unauthorized data loss.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of the plugin's log files by authenticated users with Subscriber-level access or higher.

Remediation

Users can update to version 1.1.2502030 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ECPay Ecommerce for WooCommerce Missing Authorization Vulnerability Allowing Log Deletion

Vulnerability

Impact

Remediation

Affected Products

ECPay Ecommerce for WooCommerce

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating