Directory Traversal Vulnerability in TheCartPress Plugin for WordPress
CVE-2015-3301

Currently unrated

Key Information:

Vendor

Wordpress
Status
Thecartpress Ecommerce Shopping Cart
Vendor
CVE Published:
14 May 2015

What is CVE-2015-3301?

A directory traversal vulnerability exists in TheCartPress eCommerce Shopping Cart plugin for WordPress prior to version 1.3.9.3. This flaw allows remote administrators to exploit the tcp_box_path parameter on the checkout_editor_settings page, leading to unauthorized access to arbitrary files on the server by leveraging the .. (dot dot) path traversal technique. This can potentially expose sensitive information stored on the server, thereby increasing the risk of further attacks.

References

https://www.htbridge.com/advisory/HTB23254
x_refsource_MISC
https://wordpress.org/plugins/thecartpress/changelog/
x_refsource_CONFIRM
http://packetstormsecurity.com/files/131673/WordPress-The...
x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.