A flaw in the way WordPress handles privileges can, it would appear, lead to a worst-case privilege escalation scenario in WordPress plugins.
While the vulnerability in the WooCommerce plugin was quickly patched, the design flaw in WordPress itself remains. That is problematic, because all an attacker needed for a successful site takeover was a vulnerable plugin and ‘shop manager’ privileges, which could be obtained via XSS vulnerabilities, social engineering, or whatever you fancy. Once the flaw was exploited, that shop manager could then take over any admin account and execute code at will on the server.