Unrated severityNVD Advisory· Published Oct 4, 2012· Updated Apr 29, 2026

CVE-2011-5207

Description

Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.

Affected products

Thecartpress/Thecartpress17 versions
cpe:2.3:a:thecartpress:thecartpress:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:thecartpress:thecartpress:*:*:*:*:*:*:*:*range: <=1.1.6
- cpe:2.3:a:thecartpress:thecartpress:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:thecartpress:thecartpress:1.1.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/files/view/108272/wpcartpress-xss.txtnvdExploit
www.securityfocus.com/bid/51216nvdExploit
secunia.com/advisories/47427nvdVendor Advisory
plugins.trac.wordpress.org/changeset/482746/thecartpressnvd
exchange.xforce.ibmcloud.com/vulnerabilities/72070nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000