6 matches found
Authentication flaw
The TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."...
CVE-2015-3301
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. dot dot in the tcpboxpath parameter in the checkouteditorsettings page to...
Directory traversal
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. dot dot in the tcpboxpath parameter in the checkouteditorsettings page to...
CVE-2015-3301
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. dot dot in the tcpboxpath parameter in the checkouteditorsettings page to...
CVE-2015-3300
Multiple cross-site scripting XSS vulnerabilities in the TheCartPress eCommerce Shopping Cart aka The Professional WordPress eCommerce Plugin plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the 1 billingfirstname, 2 billinglastname, 3...
CVE-2015-3986
TheCartPress eCommerce Shopping Cart (WordPress plugin) is affected by CVE-2015-3986: CSRF allows remote attackers to hijack administrator sessions via directory traversal through tcp_box_path on the checkout_editor_settings page leading to wp-admin/admin.php. Affected versions: WordPress plugin ...