Description
WordPress Plugin TheCartPress eCommerce Shopping Cart is prone to a security bypass vulnerability because the application fails to properly check user credentials. An attacker can exploit this issue to obtain sensitive information which may help in launching further attacks. WordPress Plugin TheCartPress eCommerce Shopping Cart version 1.1.9.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.0 or latest
References
Related Vulnerabilities
WordPress Plugin GeoDirectory Location Manager Multiple SQL Injection Vulnerabilities (2.1.0.9)
WordPress CVE-2014-5203 Vulnerability (CVE-2014-5203)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-5594)
WordPress Plugin Wow Forms-create any form with custom style SQL Injection (2.1)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2023-0216)