Lucene search
6ScanPATCHSTACK:DCA89999B03093543B0066825C453325HistoryDec 31, 2011 - 12:00 a.m.
WordPress TheCartPress Plugin 1.6 - Cross Site Scripting
2011-12-3100:00:00
6Scan
patchstack.com
7
0.005 Low
EPSS
Percentile
75.7%
WordPress TheCartPress plugin’s “OptionsPostsList.php” is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible.
Solution
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thecartpress | le | 1.6 |
References
Related
wpvulndb
wpvulndb
TheCartPress < 1.1.6 - Cross-Site Scripting (XSS)
2011-12-31 00:00:00
prion
prion
Cross site scripting
2012-10-04 17:55:00
nvd
nvd
CVE-2011-5207
2012-10-04 17:55:01
cve
cve
CVE-2011-5207
2012-10-04 17:55:01
cvelist
cvelist
CVE-2011-5207
2012-10-04 17:00:00