cvebase

TheCartPress eCommerce Shopping Cart vulnerabilities

4 known vulnerabilities affecting thecartpress/thecartpress_ecommerce_shopping_cart.

Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2015-3302 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 1.3.9 | 2017-12-29
[HIGH] CWE-284: The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
nvd
CVE-2015-3301 | P3 | MEDIUM | CVSS 4.0 | PoC | ≤ 1.3.9 | 2015-05-14
[MEDIUM] CWE-22: Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
nvd
CVE-2015-3300 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 1.3.9 | 2015-05-14
[MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billi
nvd
CVE-2015-3986 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 1.3.9 | 2015-05-14
[MEDIUM] CWE-352: Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_edi
nvd