Thecartpress Ecommerce Shopping Cart@* Security Vulnerabilities and Issues — Thecartpress Ecommerce Shopping Cart@* CVE List

Lucene search

ThecartpressThecartpress Ecommerce Shopping Cart*

4 matches found

CVE•added 2015/05/14 2:59 p.m.•54 views

CVE-2015-3300

Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3...

4.3CVSS6.8AI score0.0353EPSS

CVE•added 2015/05/14 2:59 p.m.•43 views

CVE-2015-3301

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings p...

4CVSS7.3AI score0.144EPSS

CVE•added 2017/12/29 10:29 p.m.•43 views

CVE-2015-3302

The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."

7.5CVSS7.4AI score0.56075EPSS

CVE•added 2015/05/14 2:59 p.m.•35 views

CVE-2015-3986

Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal atta...

4.3CVSS7.5AI score0.01624EPSS