Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for thecartpress_ecommerce_shopping_cart by thecartpress

    CVE-2015-3302 (GCVE-0-2015-3302)

    Vulnerability from nvd – Published: 2017-12-29 22:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23254"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
              },
              {
                "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535396/100/1100/threaded"
              },
              {
                "name": "74395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74395"
              },
              {
                "name": "36860",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/36860/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a \"broken authentication mechanism.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535396/100/1100/threaded"
            },
            {
              "name": "74395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/36860/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3302",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a \"broken authentication mechanism.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.htbridge.com/advisory/HTB23254",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23254"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
                },
                {
                  "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535396/100/1100/threaded"
                },
                {
                  "name": "74395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74395"
                },
                {
                  "name": "36860",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/36860/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3302",
        "datePublished": "2017-12-29T22:00:00.000Z",
        "dateReserved": "2015-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3986 (GCVE-0-2015-3986)

    Vulnerability from nvd – Published: 2015-05-14 14:00 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/thecartpress/changelog/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
              },
              {
                "name": "74395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74395"
              },
              {
                "name": "36860",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/36860/"
              },
              {
                "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/thecartpress/changelog/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "74395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/36860/"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3986",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.htbridge.com/advisory/HTB23254",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23254"
                },
                {
                  "name": "https://wordpress.org/plugins/thecartpress/changelog/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/thecartpress/changelog/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
                },
                {
                  "name": "74395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74395"
                },
                {
                  "name": "36860",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/36860/"
                },
                {
                  "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3986",
        "datePublished": "2015-05-14T14:00:00.000Z",
        "dateReserved": "2015-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3301 (GCVE-0-2015-3301)

    Vulnerability from nvd – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/thecartpress/changelog/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
              },
              {
                "name": "121439",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121439"
              },
              {
                "name": "74395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74395"
              },
              {
                "name": "36860",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/36860/"
              },
              {
                "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/thecartpress/changelog/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "121439",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121439"
            },
            {
              "name": "74395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/36860/"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.htbridge.com/advisory/HTB23254",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23254"
                },
                {
                  "name": "https://wordpress.org/plugins/thecartpress/changelog/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/thecartpress/changelog/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
                },
                {
                  "name": "121439",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121439"
                },
                {
                  "name": "74395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74395"
                },
                {
                  "name": "36860",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/36860/"
                },
                {
                  "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3301",
        "datePublished": "2015-05-14T14:00:00.000Z",
        "dateReserved": "2015-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3300 (GCVE-0-2015-3300)

    Vulnerability from nvd – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "121472",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121472"
              },
              {
                "name": "121471",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121471"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/thecartpress/changelog/"
              },
              {
                "name": "121469",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
              },
              {
                "name": "121470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121470"
              },
              {
                "name": "74395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74395"
              },
              {
                "name": "36860",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/36860/"
              },
              {
                "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
              },
              {
                "name": "121438",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121438"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "121472",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121472"
            },
            {
              "name": "121471",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121471"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/thecartpress/changelog/"
            },
            {
              "name": "121469",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "121470",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121470"
            },
            {
              "name": "74395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/36860/"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
            },
            {
              "name": "121438",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121438"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "121472",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121472"
                },
                {
                  "name": "121471",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121471"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23254",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23254"
                },
                {
                  "name": "https://wordpress.org/plugins/thecartpress/changelog/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/thecartpress/changelog/"
                },
                {
                  "name": "121469",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121469"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
                },
                {
                  "name": "121470",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121470"
                },
                {
                  "name": "74395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74395"
                },
                {
                  "name": "36860",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/36860/"
                },
                {
                  "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
                },
                {
                  "name": "121438",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121438"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3300",
        "datePublished": "2015-05-14T14:00:00.000Z",
        "dateReserved": "2015-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3302 (GCVE-0-2015-3302)

    Vulnerability from cvelistv5 – Published: 2017-12-29 22:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23254"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
              },
              {
                "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535396/100/1100/threaded"
              },
              {
                "name": "74395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74395"
              },
              {
                "name": "36860",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/36860/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a \"broken authentication mechanism.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535396/100/1100/threaded"
            },
            {
              "name": "74395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/36860/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3302",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a \"broken authentication mechanism.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.htbridge.com/advisory/HTB23254",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23254"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
                },
                {
                  "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535396/100/1100/threaded"
                },
                {
                  "name": "74395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74395"
                },
                {
                  "name": "36860",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/36860/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3302",
        "datePublished": "2017-12-29T22:00:00.000Z",
        "dateReserved": "2015-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3986 (GCVE-0-2015-3986)

    Vulnerability from cvelistv5 – Published: 2015-05-14 14:00 – Updated: 2024-08-06 06:04
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:04:02.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/thecartpress/changelog/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
              },
              {
                "name": "74395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74395"
              },
              {
                "name": "36860",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/36860/"
              },
              {
                "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/thecartpress/changelog/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "74395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/36860/"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3986",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.htbridge.com/advisory/HTB23254",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23254"
                },
                {
                  "name": "https://wordpress.org/plugins/thecartpress/changelog/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/thecartpress/changelog/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
                },
                {
                  "name": "74395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74395"
                },
                {
                  "name": "36860",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/36860/"
                },
                {
                  "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3986",
        "datePublished": "2015-05-14T14:00:00.000Z",
        "dateReserved": "2015-05-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:04:02.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3301 (GCVE-0-2015-3301)

    Vulnerability from cvelistv5 – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.146Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/thecartpress/changelog/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
              },
              {
                "name": "121439",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121439"
              },
              {
                "name": "74395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74395"
              },
              {
                "name": "36860",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/36860/"
              },
              {
                "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/thecartpress/changelog/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "121439",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121439"
            },
            {
              "name": "74395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/36860/"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3301",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.htbridge.com/advisory/HTB23254",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23254"
                },
                {
                  "name": "https://wordpress.org/plugins/thecartpress/changelog/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/thecartpress/changelog/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
                },
                {
                  "name": "121439",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121439"
                },
                {
                  "name": "74395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74395"
                },
                {
                  "name": "36860",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/36860/"
                },
                {
                  "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3301",
        "datePublished": "2015-05-14T14:00:00.000Z",
        "dateReserved": "2015-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3300 (GCVE-0-2015-3300)

    Vulnerability from cvelistv5 – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "121472",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121472"
              },
              {
                "name": "121471",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121471"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23254"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/thecartpress/changelog/"
              },
              {
                "name": "121469",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121469"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
              },
              {
                "name": "121470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121470"
              },
              {
                "name": "74395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74395"
              },
              {
                "name": "36860",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/36860/"
              },
              {
                "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
              },
              {
                "name": "121438",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/121438"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "121472",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121472"
            },
            {
              "name": "121471",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121471"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/thecartpress/changelog/"
            },
            {
              "name": "121469",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121469"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "121470",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121470"
            },
            {
              "name": "74395",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/36860/"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
            },
            {
              "name": "121438",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/121438"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-3300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "121472",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121472"
                },
                {
                  "name": "121471",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121471"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23254",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23254"
                },
                {
                  "name": "https://wordpress.org/plugins/thecartpress/changelog/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/thecartpress/changelog/"
                },
                {
                  "name": "121469",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121469"
                },
                {
                  "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
                },
                {
                  "name": "121470",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121470"
                },
                {
                  "name": "74395",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74395"
                },
                {
                  "name": "36860",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/36860/"
                },
                {
                  "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
                },
                {
                  "name": "121438",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/121438"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-3300",
        "datePublished": "2015-05-14T14:00:00.000Z",
        "dateReserved": "2015-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }