vulnerability

WordPress Plugin: easycommerce: CVE-2025-11457: Improper Privilege Management

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Nov 10, 2025	Nov 14, 2025	Nov 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Nov 10, 2025

Added

Nov 14, 2025

Modified

Nov 14, 2025

Description

The EasyCommerce – AI-Powered, Fast and Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.

Solution

easycommerce-plugin-cve-2025-11457

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-11457
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/7ebe84ba-abc1-410c-b315-118746ff235a?source=api-prod
CVE-2025-11457
https://attackerkb.com/topics/CVE-2025-11457
CWE-269

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today