CVE-2015-3302

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Thecartpress Ecommerce Shopping Cart
Vendor: CVE Published:; 29 December 2017

Summary

The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."

References

https://www.htbridge.com/advisory/HTB23254

x_refsource_MISC

http://packetstormsecurity.com/files/131673/WordPress-The...

x_refsource_MISC

http://www.securityfocus.com/archive/1/535396/100/1100/th...

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2017
Vulnerability Reserved
Apr 13, 2015