CVE-2015-3986
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery
Public Exploits: 3
Exploited in Wild: -
Descriptions
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2015-04-08 CVE Published
- 2015-05-14 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/535396/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/74395 | Vdb Entry | |
https://wordpress.org/plugins/thecartpress/changelog | X_refsource_confirm | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/36860 | 2024-08-06 | |
http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html | 2024-08-06 | |
https://www.htbridge.com/advisory/HTB23254 | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Thecartpress | Thecartpress Ecommerce Shopping Cart | <= 1.3.9 | wordpress | Affected |