[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgs2Zg-NnKmTLTxaq4dAwSEuHwPiKuIVfhnsa6lWyUPU":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2025-11457","easycommerce-ai-powered-blazing-fast-beautiful-wordpress-ecommerce-plugin-beta2-unauthenticated-privilege-escalation","EasyCommerce – AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin 0.9.0-beta2 - 1.8.2 - Unauthenticated Privilege Escalation","The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.8.2. This is due to the \u002Feasycommerce\u002Fv1\u002Forders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site.","easycommerce",null,"\u003C=1.8.2","1.8.3","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Privilege Management","2025-11-10 15:10:06","2025-11-13 16:02:09",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7ebe84ba-abc1-410c-b315-118746ff235a?source=api-prod",3]