Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html - Exploit | |
References | () http://www.securityfocus.com/archive/1/535396/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/74395 - | |
References | () https://wordpress.org/plugins/thecartpress/changelog/ - | |
References | () https://www.exploit-db.com/exploits/36860/ - Exploit | |
References | () https://www.htbridge.com/advisory/HTB23254 - Exploit |
Information
Published : 2015-05-14 14:59
Updated : 2024-11-21 02:30
NVD link : CVE-2015-3986
Mitre link : CVE-2015-3986
CVE.ORG link : CVE-2015-3986
JSON object : View
Products Affected
thecartpress
- thecartpress_ecommerce_shopping_cart
CWE
CWE-352
Cross-Site Request Forgery (CSRF)