CVE-2015-3301
published 2015-05-14

Priority: P3 (33)
Severity: medium, 4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
EXPLOIT
EPSS: 9.10% (94.7th percentile)

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.

Affected

1 range

Vendor | Product | Version range | Fixed in
thecartpress | thecartpress_ecommerce_shopping_cart | <= 1.3.9 |