|Number of vulnerabilities||1|
|Public exploit||Not available|
|Vulnerable software versions||
The vulnerability allows a remote attacker with Shop Manager privileges to execute arbitrary code on the target system.
The weakness exists due to file deletion vulnerability in the plugin's log deletion functionality that Shop Manager have access. A remote attacker can use a design flaw in the WordPress permission system to gain Shop Manager privileges, escape out of the expected folder by adding to the passed argument, take over any administrator account and then execute code on the server.
Update to version 3.4.6.External links