Vulnerability Description
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thecartpress | Thecartpress Ecommerce Shopping Cart | <= 1.3.9 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Loc (Exploit, Issue Tracking, Third Party Advisory)
- http://www.securityfocus.com/archive/1/535396/100/1100/threaded
- http://www.securityfocus.com/bid/74395 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/36860/ (Exploit, Issue Tracking, Third Party Advisory)
- https://www.htbridge.com/advisory/HTB23254 (Exploit, Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2015-3302?
CVE-2015-3302 is a vulnerability with a CVSS score of 7.5 (HIGH). The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by l...
How severe is CVE-2015-3302?
CVE-2015-3302 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-3302?
Check the references section above for vendor advisories and patch information. Affected products include: Thecartpress Thecartpress Ecommerce Shopping Cart.