Thecartpress

thecartpress

7 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Thecartpress Ecommerce Shopping Cart

thecartpress_ecommerce_shopping_cart

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-4582 1Thecartpress 1Boot Store Apr 30, 2025 Apr 28, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product.
CVE-2024-5938 1Thecartpress 1Boot Store Apr 8, 2026 Jul 2, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitizat...Show more The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2015-3302 1Thecartpress 1Thecartpress Ecommerce Shopping Cart May 13, 2026 Dec 29, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken...Show more The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."Show less
CVE-2015-3986 1Thecartpress 1Thecartpress Ecommerce Shopping Cart May 6, 2026 May 14, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the auth...Show more Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.Show less
CVE-2015-3301 1Thecartpress 1Thecartpress Ecommerce Shopping Cart May 6, 2026 May 14, 2015 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via...Show more Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.Show less
CVE-2015-3300 1Thecartpress 1Thecartpress Ecommerce Shopping Cart May 6, 2026 May 14, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbit...Show more Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.Show less
CVE-2011-5207 1Thecartpress 1Thecartpress Apr 29, 2026 Oct 4, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_na...Show more Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.Show less