CVE-2015-3301

Currently unrated

Key Information:

Vendor: Wordpress
Status: Thecartpress Ecommerce Shopping Cart
Vendor: CVE Published:; 14 May 2015

Summary

Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.

References

https://www.htbridge.com/advisory/HTB23254

x_refsource_MISC

https://wordpress.org/plugins/thecartpress/changelog/

x_refsource_CONFIRM

http://packetstormsecurity.com/files/131673/WordPress-The...

x_refsource_MISC

Timeline

Vulnerability published
May 14, 2015
Vulnerability Reserved
Apr 13, 2015