Lucene search
K

6 matches found

Prion
Prion
added 2017/12/29 10:29 p.m.20 views

Authentication flaw

The TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."...

5CVSS6.9AI score0.21841EPSS
Exploits5References5Affected Software1
NVD
NVD
added 2015/05/14 2:59 p.m.23 views

CVE-2015-3301

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. dot dot in the tcpboxpath parameter in the checkouteditorsettings page to...

4CVSS6.6AI score0.09101EPSS
Exploits6References7
Prion
Prion
added 2015/05/14 2:59 p.m.25 views

Directory traversal

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. dot dot in the tcpboxpath parameter in the checkouteditorsettings page to...

4CVSS7AI score0.09101EPSS
Exploits6References7Affected Software1
Cvelist
Cvelist
added 2015/05/14 2:0 p.m.40 views

CVE-2015-3301

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. dot dot in the tcpboxpath parameter in the checkouteditorsettings page to...

7.5AI score0.09101EPSS
Exploits6References7
Cvelist
Cvelist
added 2015/05/14 2:0 p.m.26 views

CVE-2015-3300

Multiple cross-site scripting XSS vulnerabilities in the TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the 1 billingfirstname, 2 billinglastname, 3...

6.9AI score0.06422EPSS
Exploits5References11
CVE
CVE
added 2015/05/14 2:0 p.m.47 views

CVE-2015-3986

TheCartPress eCommerce Shopping Cart (WordPress plugin) is affected by CVE-2015-3986: CSRF allows remote attackers to hijack administrator sessions via directory traversal through tcp_box_path on the checkout_editor_settings page leading to wp-admin/admin.php. Affected versions: WordPress plugin ...

4.3CVSS7.5AI score0.03392EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder