CVE-2015-3302
Published: 2017-12-29
Priority: P2 65 · Severity: high · CVSS 3.0 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: public exploit indexed
EPSS: 21.67% (97.3rd percentile)
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thecartpress | thecartpress_ecommerce_shopping_cart | <= 1.3.9 | — |
Detection & IOCs (extracted from sources)
- Sequential order ID enumeration: alert on rapid sequential GET requests to admin-ajax.php?action=tcp_print_order with incrementing order_id values from the same source IP, indicating automated order harvesting.
- Detect the two-step exploitation pattern: a request to /shopping-cart/checkout/?tcp_checkout=ok followed immediately by a request to /wp-admin/admin-ajax.php?action=tcp_print_order with the same order_id from the same unauthenticated client.
- The vulnerable plugin (TheCartPress <= 1.3.9) has been officially abandoned by the vendor as of June 1, 2015. Any detection should treat its mere presence as a high-risk finding regardless of exploitation attempts.
- The order_id parameter is a simple auto-incremented integer, meaning there is no token or secret required to enumerate all historical orders — detection thresholds should be set low (e.g., 3+ sequential order_id requests from one IP).
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html
- http://www.securityfocus.com/archive/1/535396/100/1100/threaded
- http://www.securityfocus.com/bid/74395
- https://www.exploit-db.com/exploits/36860/
- https://www.htbridge.com/advisory/HTB23254