CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2015-3300 – TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-3300
Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php. Múltiples vulnerabilidades de XSS en el plugin TheCartPress eCommerce Shopping Cart (también conocido como The Professional WordPress eCommerce Plugin) para WordPress en versiones anteriores a 1.3.9.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2 o (22) shipping_fax hasta shopping-cart/checkout/; del parámetro (23) search_by en la página admin/AddressesList.php en wp-admin/admin.php; del parámetro (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode o del parámetro (31) email en la página admin/AddressEdit.php en wp-admin/admin.php; del parámetro (32) post_id o (33) rel_type en la página admin/AssignedCategoriesList.php en wp-admin/admin.php; o del parámetro (34) post_type en la página admin/CustomFieldsList.php en wp-admin/admin.php. WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/36860 http://osvdb.org/show/osvdb/121438 http://osvdb.org/show/osvdb/121469 http://osvdb.org/show/osvdb/121470 http://osvdb.org/show/osvdb/121471 http://osvdb.org/show/osvdb/121472 http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html http://www.securityfocus.com/archive/1/535396/100/0/threaded http://www.securityfocus.com/bid/74395 https://wordpress.org/plugins/thecartpress/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2015-3302 – TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2015-3302
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." El plugin TheCartPress eCommerce Shopping Cart (también conocido como The Professional WordPress eCommerce Plugin) para WordPress, en versiones anteriores a la1.3.9.3, permite que atacantes remotos obtengan información sensible sobre detalles de pedidos aprovechando un "mecanismo de autenticación roto". WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/36860 http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html http://www.securityfocus.com/archive/1/535396/100/1100/threaded http://www.securityfocus.com/bid/74395 https://www.htbridge.com/advisory/HTB23254 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 4.9EPSS: 1%CPEs: 1EXPL: 3CVE-2015-3301 – TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Directory Traversal
https://notcve.org/view.php?id=CVE-2015-3301
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php. Vulnerabilidad de salto de directorio en el plugin TheCartPress eCommerce Shopping Cart (también conocido como The Professional WordPress eCommerce Plugin) para WordPress anterior a 1.3.9.3 permite a administradores remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro tcp_box_path en la página checkout_editor_settings en wp-admin/admin.php. WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/36860 http://osvdb.org/show/osvdb/121439 http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html http://www.securityfocus.com/archive/1/535396/100/0/threaded http://www.securityfocus.com/bid/74395 https://wordpress.org/plugins/thecartpress/changelog https://www.htbridge.com/advisory/HTB23254 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2015-3986 – TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-3986
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php. Vulnerabilidad de CSRF en el plugin TheCartPress eCommerce Shopping Cart (también conocido como The Professional WordPress eCommerce Plugin) para WordPress anterior a 1.3.9.3 permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que realizan ataques de salto de directorio a través del parámetro tcp_box_path en la página checkout_editor_settings en wp-admin/admin.php. • https://www.exploit-db.com/exploits/36860 http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html http://www.securityfocus.com/archive/1/535396/100/0/threaded http://www.securityfocus.com/bid/74395 https://wordpress.org/plugins/thecartpress/changelog https://www.htbridge.com/advisory/HTB23254 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 3CVE-2011-5207 – TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5207
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin/OptionsPostsList.php en el plugin para WordPress TheCartPress antes de v1.1.6 anterior al 31/12/2011, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro tcp_name_post_XXXXX. • https://www.exploit-db.com/exploits/36481 http://packetstormsecurity.org/files/view/108272/wpcartpress-xss.txt http://plugins.trac.wordpress.org/changeset/482746/thecartpress http://secunia.com/advisories/47427 http://www.securityfocus.com/bid/51216 https://exchange.xforce.ibmcloud.com/vulnerabilities/72070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •