Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Cart66 Cloud :: WordPress Ecommerce The Easy Way by reality66

    CVE-2025-2841 (GCVE-0-2025-2841)

    Vulnerability from nvd – Published: 2025-04-12 02:23 – Updated: 2026-04-08 16:55
    VLAI
    Title
    Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure
    Summary
    The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Avraham Shemesh
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T19:21:48.670333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T19:22:00.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cart66 Cloud :: WordPress Ecommerce The Easy Way",
              "vendor": "reality66",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Avraham Shemesh"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:55:29.354Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5be01bba-e4f4-4818-9612-fc37b648a349?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.php#L26"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.php#L39"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.php#L59"
            },
            {
              "url": "https://wordpress.org/plugins/cart66-cloud/#developers"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-11T14:19:41.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Cart66 Cloud \u003c= 2.3.7 - Unauthenticated Information Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-2841",
        "datePublished": "2025-04-12T02:23:14.583Z",
        "dateReserved": "2025-03-27T00:08:19.935Z",
        "dateUpdated": "2026-04-08T16:55:29.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2841 (GCVE-0-2025-2841)

    Vulnerability from cvelistv5 – Published: 2025-04-12 02:23 – Updated: 2026-04-08 16:55
    VLAI
    Title
    Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure
    Summary
    The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Avraham Shemesh
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T19:21:48.670333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T19:22:00.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Cart66 Cloud :: WordPress Ecommerce The Easy Way",
              "vendor": "reality66",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Avraham Shemesh"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:55:29.354Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5be01bba-e4f4-4818-9612-fc37b648a349?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.php#L26"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.php#L39"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.php#L59"
            },
            {
              "url": "https://wordpress.org/plugins/cart66-cloud/#developers"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-11T14:19:41.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Cart66 Cloud \u003c= 2.3.7 - Unauthenticated Information Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-2841",
        "datePublished": "2025-04-12T02:23:14.583Z",
        "dateReserved": "2025-03-27T00:08:19.935Z",
        "dateUpdated": "2026-04-08T16:55:29.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }