CVE-2021-34645
📋 TL;DR
This CSRF vulnerability in the Shopping Cart & eCommerce Store (WP EasyCart) WordPress plugin lets an attacker forge a request to the plugin's currency settings save routine (`save_currency_settings` in `admin/inc/wp_easycart_admin_initial_setup.php`), which did not verify a nonce. If a logged-in administrator is lured into submitting that request, the attacker-controlled value is stored and can carry arbitrary web script, so the CSRF becomes stored XSS in the WordPress back end. All sites running the plugin up to and including version 5.1.0 are affected; 5.1.1 fixes it.
💻 Affected Systems
- Shopping Cart & eCommerce Store WordPress plugin (wordpress.org slug `wp-easycart`), versions up to and including 5.1.0
📦 What is this software?
WP EasyCart (slug `wp-easycart`) is an e-commerce plugin distributed through the wordpress.org plugin directory that adds a shopping cart and store administration, including currency settings, to a WordPress site. The vulnerable routine is part of its admin setup code.
⚠️ Risk & Real-World Impact
Worst Case
Stored script executing in an administrator's browser can do anything that administrator can: create a new administrator account, install a backdoored plugin or theme, or change the store's payment settings. That is full control of the WordPress installation and a foothold on the underlying host.
Likely Case
A lured administrator unknowingly saves attacker-controlled currency settings containing script, which then runs for other back-end users. Typical outcomes are credential theft through injected phishing content, defacement of store pages, or a persistent backdoor.
If Mitigated
The forged request is rejected before it reaches the handler: the nonce check fails, the browser refuses to send the WordPress auth cookie on a cross-site request (SameSite), or the administrator never acts on the lure. Nothing is stored and no script runs.
🎯 Exploit Status
Exploitation requires an administrator (or another user permitted to reach the plugin's settings) who is logged in to wp-admin to visit an attacker-controlled page or click a crafted link while that session is active. The attacker needs no credentials of their own; the injected script fires later, when the stored setting is rendered.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.1 and later
Vendor Fix (changeset 2463792): https://plugins.trac.wordpress.org/changeset/2463792/wp-easycart/trunk/admin/inc/wp_easycart_admin_initial_setup.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Shopping Cart & eCommerce Store' plugin.
4. Click 'Update Now' if available, or manually update to version 5.1.1 or later.
5. Verify the update completed and the listed version is 5.1.1 or higher.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until it is updated. While it is inactive its admin handlers are not registered, so a forged request has nothing to hit (the store is also offline for customers).
wp plugin deactivate wp-easycart
CSRF Protection Implementation
Adding nonce verification to the plugin's handler from outside the plugin is fragile: the check has to run before the plugin's own code, and the plugin's settings form has to emit a matching nonce, which means editing plugin files that the next update overwrites. Treat a nonce check added in a theme's functions.php or a small custom plugin as a short-lived stopgap only when deactivation is not an option; updating to 5.1.1 is the real fix.
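As an added illustration (not the plugin's own code, and not the actual patch in changeset 2463792), here is the generic WordPress pattern this bug falls into, beside its hardened form: an `admin-post.php` settings handler that stores input without a nonce, versus one that checks the user's capability, verifies a nonce, sanitizes on input and escapes on output. All `ec_demo_*` names and the option key are hypothetical.

```php
<?php
// Added example, not from WP EasyCart. Hypothetical names: ec_demo_*, option
// 'ec_demo_currency_symbol'. Requires WordPress; place in a plugin file.

// --- Vulnerable pattern: no capability check, no nonce, raw input stored. ---
// A cross-site form POSTed by a logged-in admin's browser is accepted as-is,
// and whatever it contains is stored and later rendered.
function ec_demo_save_currency_vulnerable() {
    update_option( 'ec_demo_currency_symbol', $_POST['currency_symbol'] );
    wp_safe_redirect( admin_url( 'admin.php?page=ec-demo' ) );
    exit;
}
add_action( 'admin_post_ec_demo_save_currency_vuln', 'ec_demo_save_currency_vulnerable' );

// --- Hardened pattern ---
// The settings form emits a nonce bound to this action and this user.
function ec_demo_render_currency_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ec_demo_save_currency">
        <?php wp_nonce_field( 'ec_demo_save_currency', 'ec_demo_nonce' ); ?>
        <input type="text" name="currency_symbol"
               value="<?php echo esc_attr( get_option( 'ec_demo_currency_symbol', '$' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function ec_demo_save_currency_hardened() {
    // 1. Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. Nonce check. A third-party site cannot read the nonce the form carried,
    //    so a forged request fails here: WordPress dies with HTTP 403 and
    //    "The link you followed has expired".
    check_admin_referer( 'ec_demo_save_currency', 'ec_demo_nonce' );

    // 3. Sanitize on input: strip tags and control characters from the value.
    $symbol = isset( $_POST['currency_symbol'] )
        ? sanitize_text_field( wp_unslash( $_POST['currency_symbol'] ) )
        : '';
    update_option( 'ec_demo_currency_symbol', $symbol );

    wp_safe_redirect( admin_url( 'admin.php?page=ec-demo&updated=1' ) );
    exit;
}
add_action( 'admin_post_ec_demo_save_currency', 'ec_demo_save_currency_hardened' );

// 4. Escape on output, so even a value that slipped past sanitization cannot
//    execute as script in the page that displays it.
function ec_demo_show_symbol() {
    echo esc_html( get_option( 'ec_demo_currency_symbol', '$' ) );
}
```

The four controls are independent and all four belong in a settings handler: the nonce stops the forged request, the capability check stops a low-privileged user who can obtain a nonce, and sanitize-plus-escape keeps a stored value from ever becoming script even if the first two are bypassed.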
🧯 If You Can't Patch
- Network controls alone do not stop CSRF: the forged request is sent by the administrator's own browser, from an allowed IP, with a valid session cookie. Reducing the number of administrator accounts and having administrators log out of wp-admin before browsing untrusted sites shrinks the window.
- Add a web application firewall (WAF) rule that rejects POST requests to /wp-admin/admin-post.php and /wp-admin/admin-ajax.php whose Origin or Referer header names a host other than your own site; legitimate admin form submissions originate from wp-admin. Run the rule in monitoring mode first to catch integrations that post to admin-ajax.php from elsewhere.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Shopping Cart & eCommerce Store' version ≤5.1.0.
Check Version:
wp plugin get wp-easycart --field=version
Verify Fix Applied:
Confirm plugin version is 5.1.1 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-post.php (or admin-ajax.php) from an administrator's session whose Referer is missing or points at a foreign host, followed by a change to the plugin's currency settings
- After updating: HTTP 403 responses carrying the WordPress message "The link you followed has expired", which is what `check_admin_referer()` produces on a nonce failure. WordPress does not log nonce failures by default, so look in the web server access log or the WAF log rather than wp-content/debug.log
Network Indicators:
- Store or admin pages that begin loading script from, or posting data to, a host you do not control
- `<script>` tags or `javascript:` URLs appearing in the stored currency settings or in the pages that render them
SIEM Query (illustrative; the PHP identifiers below appear in logs only if PHP errors or a WAF rule record them, so also search the access log for the request pattern above):
source="wordpress.log" AND ("save_currency_settings" OR "wp_easycart_admin_initial_setup")
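Detection example added here (not from the advisory): a PHP CLI script that scans combined-format access log lines and flags POSTs to the WordPress admin endpoints whose Referer is missing or names another origin, the shape a CSRF request made from a victim's browser takes in the access log. The log lines and the site host `shop.example` are constructed for the example.

```php
<?php
// Added example, not part of the original advisory. Constructed log lines;
// the site host 'shop.example' and all ec_demo_* names are assumptions.

const EC_DEMO_ADMIN_ENDPOINTS = array( '/wp-admin/admin-post.php', '/wp-admin/admin-ajax.php' );

// Parse one Apache/Nginx "combined" log line into its fields, or null if it
// does not match the format.
function ec_demo_parse_combined( string $line ): ?array {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"/';
    if ( ! preg_match( $re, $line, $m ) ) {
        return null;
    }
    return array(
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'ua'      => $m[7],
    );
}

// Return the requests that look like cross-site submissions to admin endpoints:
// POST to admin-post.php/admin-ajax.php with no Referer or a foreign Referer host.
function ec_demo_flag_csrf_candidates( array $lines, string $site_host ): array {
    $flagged = array();
    foreach ( $lines as $line ) {
        $r = ec_demo_parse_combined( $line );
        if ( null === $r || 'POST' !== $r['method'] ) {
            continue;
        }
        $path = parse_url( $r['path'], PHP_URL_PATH );
        if ( ! in_array( $path, EC_DEMO_ADMIN_ENDPOINTS, true ) ) {
            continue;
        }
        $ref_host = ( '-' === $r['referer'] || '' === $r['referer'] )
            ? null
            : parse_url( $r['referer'], PHP_URL_HOST );
        if ( null === $ref_host ) {
            $r['reason'] = 'no referer';
            $flagged[]   = $r;
        } elseif ( 0 !== strcasecmp( $ref_host, $site_host ) ) {
            $r['reason'] = 'cross-site referer: ' . $ref_host;
            $flagged[]   = $r;
        }
    }
    return $flagged;
}

// Constructed sample: one legitimate settings save, one save referred from an
// attacker page, one admin-ajax call with no Referer, one ordinary GET.
$constructed_log = array(
    '198.51.100.5 - - [10/Sep/2021:14:03:21 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://shop.example/wp-admin/admin.php?page=settings" "Mozilla/5.0"',
    '198.51.100.5 - - [10/Sep/2021:14:05:02 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.5 - - [10/Sep/2021:14:05:40 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Sep/2021:14:06:10 +0000] "GET /wp-admin/admin.php?page=settings HTTP/1.1" 200 8120 "https://shop.example/wp-admin/" "Mozilla/5.0"',
);

foreach ( ec_demo_flag_csrf_candidates( $constructed_log, 'shop.example' ) as $hit ) {
    printf( "%s %s %s -> %s\n", $hit['time'], $hit['ip'], $hit['path'], $hit['reason'] );
}
```

Run with `php detect.php`. A cross-site Referer is strong evidence; a missing Referer is weaker, since Referrer-Policy settings and privacy extensions strip it, so triage those hits against the same user's surrounding activity. Request bodies are not in the access log, so pair any hit with a check of the plugin's stored currency settings for unexpected markup.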
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-easycart/trunk/admin/inc/wp_easycart_admin_initial_setup.php?rev=2463792#L240
- https://wordfence.com/vulnerability-advisories/#CVE-2021-34645