ReportizFlow
Filtered by vendor Easycommerce
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11457 | 2 Easycommerce, Wordpress | 2 Ai-powered Wordpress Ecommerce Plugin, Wordpress | 2025-11-12 | 9.8 Critical |
| The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site. | ||||
Page 1 of 1.