djbaxter

WordPress CartPress Plugin Zero Day Disclosure
by Michael Mimoso, Threatpost
April 29, 2015

Another round of WordPress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin.

These disclosures come on the heels of a separate disclosure of a zero-day in the WordPress core engine. Those vulnerabilities have since been patched.

The CartPress vulnerabilities were reported on three separate occasions by researchers at High-Tech Bridge on April 8, 17 and 27. From a timeline published in the High-Tech Bridge advisory, no acknowledgement from CartPress was received.

"Currently, we are not aware of any official solution for this vulnerability," the advisory says. CartPress will no longer be supported as of June 1. "We recommend disabling or removing the vulnerable plugin as a workaround."

According to High-Tech Bridge, the vulnerabilities can be exploited to run code, disclose data or carry out cross-site scripting attacks against sites running the plugin.
