Lucene search
MitreCVELIST:CVE-2015-3301HistoryMay 14, 2015 - 2:00 p.m.
CVE-2015-3301
2015-05-1414:00:00
mitre
www.cve.org
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a … (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
References
osvdb.org/show/osvdb/121439
packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html
www.securityfocus.com/archive/1/535396/100/0/threaded
www.securityfocus.com/bid/74395
wordpress.org/plugins/thecartpress/changelog/
www.exploit-db.com/exploits/36860/
www.htbridge.com/advisory/HTB23254
Related
threatpost
threatpost
WordPress CartPress Plugin Zero Day Disclosure
2015-04-29 14:28:26
cve
cve
CVE-2015-3301
2015-05-14 14:59:10
zdt
zdt
WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities
2015-04-29 00:00:00
prion
prion
Directory traversal
2015-05-14 14:59:00
nvd
nvd
CVE-2015-3301
2015-05-14 14:59:10
securityvulns
securityvulns
Multiple Vulnerabilities in TheCartPress WordPress plugin
2015-05-11 00:00:00
exploitpack
exploitpack
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
2015-04-29 00:00:00
htbridge
htbridge
Multiple Vulnerabilities in TheCartPress WordPress plugin
2015-04-08 00:00:00
packetstorm
packetstorm
WordPress TheCartPress 1.3.9 XSS / Local File Inclusion
2015-04-29 00:00:00
wpvulndb
wpvulndb
TheCartPress <= 1.3.9 - Multiple Vulnerabilities
2015-04-29 00:00:00
exploitdb
exploitdb
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
2015-04-29 00:00:00