Description

WordPress Plugin TheCartPress eCommerce Shopping Cart is prone to a security bypass vulnerability because the application fails to properly check user credentials. An attacker can exploit this issue to obtain sensitive information which may help in launching further attacks. WordPress Plugin TheCartPress eCommerce Shopping Cart version 1.1.9.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2.0 or latest

References

http://ceriksen.com/2012/06/20/wordpress-thecartpress-plugin-order-information-security-bypass/

http://secunia.com/advisories/49652/

Related Vulnerabilities

WordPress Plugin Slickr Flickr Cross-Site Scripting (2.8.1)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12646)

Oracle HTTP Server Other Vulnerability (CVE-1999-1125)

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

WordPress Plugin Really Simple Share Unspecified Vulnerability (4.3.6)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass