WordPress CartPress Plugin Zero Day Disclosure

Thread starter djbaxter
Start date Apr 30, 2015

More threads by djbaxter

djbaxter

Administrator

Apr 30, 2015

#1

WordPress CartPress Plugin Zero Day Disclosure
by Michael Mimoso, Threatpost
April 29, 2015

Another round of WordPress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin.

These disclosures come on the heels of a separate disclosure of a zero-day in the WordPress core engine. Those vulnerabilities have since been patched.

The CartPress vulnerabilities were reported on three separate occasions by researchers at High Tech Bridge on April 8, 17 and 27. From a timeline published in the High Tech Bridge advisory, no acknowledgement from CartPress was received.

?Currently, we are not aware of any official solution for this vulnerability,? the advisory says. CartPress will no longer be supported as of June 1. ?We recommend disabling or removing the vulnerable plugin as a workaround.?

According to High-Tech Bridge, the vulnerabilities can be exploited to run code, disclose data or carry out cross-site scripting attacks against sites running the plugin.

Read more...[/B

You must log in or register to reply here.

Similar threads

Important WordPress 5.8.3 Security Release

Replies: 0

Views: 3K

Jan 9, 2022

djbaxter

Ninja Forms WordPress Plugin: High Severity Vulnerability Patched

Replies: 0

Views: 3K

Apr 30, 2020

djbaxter

WordPress: Contact Form 7 File Upload Vulnerability

Replies: 0

Views: 5K

Dec 18, 2020

djbaxter

Zero-Day Vulnerability in ThemeREX Addons Plugin

Replies: 0

Views: 3K

Feb 19, 2020

djbaxter

WordPress Sites Targeted in Large-Scale Attacks

Replies: 0

Views: 4K

May 5, 2020

djbaxter

Share:

Facebook X (Twitter) Reddit Email Link

Login / Register

Already a member? LOG IN
Not a member yet? REGISTER

Events

Ask For Transparency

Newest Posts

D
Competitor Nearby with Similar Name & URL
- Latest: dnp
- Today at 5:16 PM
Local Search
S
Vendor for Bulk GBP posts
- Latest: sarmcl
- Today at 2:01 PM
Google Business Profile (GBP) & Google Maps
Reporting Business With Fake Reviews And Location Help!
- Latest: luischavez0104
- Today at 12:32 PM
Spam on Google
T
Anybody using Local Viking's Geo Booster?
- Latest: Trufinity Plumbing
- Today at 12:22 PM
Local Content
Hybrid to SAB
- Latest: luischavez0104
- Today at 12:10 PM
Google Business Profile (GBP) & Google Maps
Google Not Showing Social Profiles We Added But Adding Their Own
- Latest: luischavez0104
- Today at 12:05 PM
Google Business Profile (GBP) & Google Maps
Virtual Event Thanks to GatherUp for Sponsoring The LocalU March Webinar with Barry Schwartz
- Latest: CarrieHill
- Today at 10:56 AM
LSF News and Announcements

Trending: Most Replies

Trending: Most Viewed

J
Local Citation Building: major data aggregators vs citation service?
- Started by Jessica C
- Feb 18, 2025
- Views: 2K
Citations
R
Google Pin Drops
- Started by reedlmitchell
- Feb 14, 2025
- Views: 1K
Local Search
S
Client Acquired Another GBP and Was Suspended by Google
- Started by solive
- Feb 27, 2025
- Views: 1K
Local Search
K
GBP Suspended & Appeal Denied, Next Steps?
- Started by kchambers
- Feb 21, 2025
- Views: 1K
Google Business Profile (GBP) & Google Maps
P
Reporting Fake Google Map Listing Help
- Started by PGFP
- Feb 13, 2025
- Views: 934
Spam on Google

Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...

Share this page

Facebook X (Twitter) Reddit Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top Bottom