A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects for example WooCommerce, the most popular e-commerce plugin with over 4 million installations. The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account.
Source: https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/