Cross-Site Scripting Vulnerabilities in TheCartPress eCommerce Plugin for WordPress
CVE-2015-3300

Currently unrated

Key Information:

Vendor: Wordpress
Status: Thecartpress Ecommerce Shopping Cart
Vendor: CVE Published:; 14 May 2015

Summary

TheCartPress eCommerce Shopping Cart plugin for WordPress is susceptible to multiple cross-site scripting vulnerabilities that permit remote attackers to inject arbitrary web scripts or HTML. This exploit can occur through various input parameters during checkout and within the administrative interfaces, such as billing and shipping details. Attackers can leverage these vulnerabilities to execute malicious scripts, potentially compromising the security of the website and its users.

References

http://osvdb.org/show/osvdb/121472

vdb-entryx_refsource_OSVDB

http://osvdb.org/show/osvdb/121471

vdb-entryx_refsource_OSVDB

https://www.htbridge.com/advisory/HTB23254

x_refsource_MISC

Timeline

Vulnerability published
May 14, 2015
Vulnerability Reserved
Apr 13, 2015