In versions <= 3.0.8 this can be exploited by authenticating as any WordPress user, and in versions 3.0.9 - 3.0.15 can be exploited by passing a valid password hash being used by any admin in the EasyCart user system.
CPE | Name | Operator | Version |
---|---|---|---|
wp-easycart | lt | 3.0.16 |