VYPR

Thecartpress

by WordPress

Source repositories

CVEs (5)

  • CVE-2021-47932CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.00

    WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcp_register_and_login_ajax action…

  • CVE-2015-3301May 14, 2015
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the…

  • CVE-2015-3300May 14, 2015
    risk 0.04cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2)…

  • CVE-2015-3986May 14, 2015
    risk 0.03cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct…

  • CVE-2011-5207Oct 4, 2012
    risk 0.00cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.