
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross-site scripting vulnerabilities.

References:
• https://www.exploit-db.com/exploits/36860
• http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html
• http://www.securityfocus.com/archive/1/535396/100/1100/threaded
• http://www.securityfocus.com/bid/74395
• https://www.htbridge.com/advisory/HTB23254

Weaknesses:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-284: Improper Access Control

CVSS: 4.9 | EPSS: 1% | CPEs: 1 | EXPL: 3

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php. WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross-site scripting vulnerabilities.

References:
• https://www.exploit-db.com/exploits/36860
• http://osvdb.org/show/osvdb/121439
• http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html
• http://www.securityfocus.com/archive/1/535396/100/0/threaded
• http://www.securityfocus.com/bid/74395
• https://wordpress.org/plugins/thecartpress/changelog
• https://www.htbridge.com/advisory/HTB23254

Weaknesses:
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php. WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross-site scripting vulnerabilities.

References:
• https://www.exploit-db.com/exploits/36860
• http://osvdb.org/show/osvdb/121438
• http://osvdb.org/show/osvdb/121469
• http://osvdb.org/show/osvdb/121470
• http://osvdb.org/show/osvdb/121471
• http://osvdb.org/show/osvdb/121472
• http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html
• http://www.securityfocus.com/archive/1/535396/100/0/threaded
• http://www.securityfocus.com/bid/74395
• https://wordpress.org/plugins/thecartpress/changelog

Weaknesses:
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 3

Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.

References:
• https://www.exploit-db.com/exploits/36860
• http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html
• http://www.securityfocus.com/archive/1/535396/100/0/threaded
• http://www.securityfocus.com/bid/74395
• https://wordpress.org/plugins/thecartpress/changelog
• https://www.htbridge.com/advisory/HTB23254

Weaknesses:
• CWE-352: Cross-Site Request Forgery (CSRF)