Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-3300

Published: 14/05/2015 Updated: 09/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Thecartpress

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress prior to 1.3.9.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.

Vulnerable Product Search on Vulmon Subscribe to Product

thecartpress thecartpress ecommerce shopping cart

Exploits

Exploit DB: WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Version(s): 139 and probably prior Tested Version: 139 Advisory Publication: April 8, 2015 [without technical details] Vendor Notification: April 8, 2015 Public Disclosure: April 29, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79], PHP F ...
Exploit DB: WordPress TheCartPress 1.3.9 XSS / Local File Inclusion
WordPress TheCartPress plugin version 139 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities ...

References

CWE-79https://www.htbridge.com/advisory/HTB23254http://osvdb.org/show/osvdb/121472http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.htmlhttps://www.exploit-db.com/exploits/36860/http://osvdb.org/show/osvdb/121469https://wordpress.org/plugins/thecartpress/changelog/http://osvdb.org/show/osvdb/121471http://osvdb.org/show/osvdb/121470http://osvdb.org/show/osvdb/121438http://www.securityfocus.com/bid/74395http://www.securityfocus.com/archive/1/535396/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/36860/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook