CVE-2025-11457

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles durin...

EUVD-2025-60948

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles durin...

CVE-2025-11457

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles durin...

CVE-2025-11457 EasyCommerce – AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin 0.9.0-beta2 - 1.8.2 - Unauthenticated Privilege Escalation

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles durin...

CVE-2025-11457

CVE-2025-11457 pertains to the WordPress plugin EasyCommerce – AI-Powered Ecommerce. The issue is an unauthenticated privilege-escalation flaw caused by insufficient restrictions on role selection via the /easycommerce/v1/orders API endpoint during user registration. Exploitation could allow an u...

CVE-2025-11457 EasyCommerce – AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin 0.9.0-beta2 - 1.8.2 - Unauthenticated Privilege Escalation

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles durin...

WordPress EasyCommerce plugin <= 1.8.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin EasyCommerce versions = 1.8.2...

WordPress plugin EasyCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-46247

Name of the Vulnerable Software and Affected Versions EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin versions 0.9.0-beta2 through 1.5.0 Description The EasyCommerce plugin for WordPress has a flaw where the /easycommerce/v1/orders API endpoint does not adequately limit use...