WordPress CartPress Plugin Zero Day Disclosure

Thread starter djbaxter
Start date Apr 30, 2015

More threads by djbaxter

djbaxter

Administrator

Apr 30, 2015

#1

WordPress CartPress Plugin Zero Day Disclosure
by Michael Mimoso, Threatpost
April 29, 2015

Another round of WordPress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin.

These disclosures come on the heels of a separate disclosure of a zero-day in the WordPress core engine. Those vulnerabilities have since been patched.

The CartPress vulnerabilities were reported on three separate occasions by researchers at High Tech Bridge on April 8, 17 and 27. From a timeline published in the High Tech Bridge advisory, no acknowledgement from CartPress was received.

?Currently, we are not aware of any official solution for this vulnerability,? the advisory says. CartPress will no longer be supported as of June 1. ?We recommend disabling or removing the vulnerable plugin as a workaround.?

According to High-Tech Bridge, the vulnerabilities can be exploited to run code, disclose data or carry out cross-site scripting attacks against sites running the plugin.

Read more...[/B

Ask For Transparency

You must log in or register to reply here.

Similar threads

Important WordPress 5.8.3 Security Release

Replies: 0

Views: 3K

Jan 9, 2022

djbaxter

Ninja Forms WordPress Plugin: High Severity Vulnerability Patched

Replies: 0

Views: 3K

Apr 30, 2020

djbaxter

WordPress: Contact Form 7 File Upload Vulnerability

Replies: 0

Views: 5K

Dec 18, 2020

djbaxter

Zero-Day Vulnerability in ThemeREX Addons Plugin

Replies: 0

Views: 2K

Feb 19, 2020

djbaxter

WordPress Sites Targeted in Large-Scale Attacks

Replies: 0

Views: 4K

May 5, 2020

djbaxter

Share:

Facebook X (Twitter) Reddit Email Link

Login / Register

Already a member? LOG IN
Not a member yet? REGISTER

Events

LocalU Global

Newest Posts

Client Acquired Another GBP and Was Suspended by Google
- Latest: fisicx
- Today at 3:17 AM
Local Search
Need Assistance with a Duplicate GBP
- Latest: Brian - TGL
- Yesterday at 4:17 PM
Google Business Profile (GBP) & Google Maps
Virtual Event Thanks to The Transparency Company for Sponsoring LocalU Global This Month!
- Latest: JoyHawkins
- Yesterday at 3:37 PM
LSF News and Announcements
J
Why do I keep getting this message?
- Latest: JS Girard
- Yesterday at 2:49 PM
Google Business Profile (GBP) & Google Maps
Location Spoofing With gs location changer
- Latest: CarrieHill
- Yesterday at 2:21 PM
Local Search
Promote GBP Through Display Ads
- Latest: Chris Barnard
- Yesterday at 1:11 PM
Local Search
Anyone have Chat via SMS approved?
- Latest: ElizabethRule
- Yesterday at 1:02 PM
Google Business Profile (GBP) & Google Maps

Trending: Most Replies

Trending: Most Viewed

Hundreds of business got 5 star reviews removed
- Started by xavier_colomes
- Feb 7, 2025
- Views: 28K
Local Reviews
H
Decline in core local rankings since jan 14 2025
- Started by helloworld
- Feb 6, 2025
- Views: 1K
Organic SEO
J
Local Citation Building: major data aggregators vs citation service?
- Started by Jessica C
- Feb 18, 2025
- Views: 1K
Citations
B
Violation of Google's policies: manipulation of name and reviews
- Started by badun229
- Feb 4, 2025
- Views: 1K
Google Business Profile (GBP) & Google Maps
R
Google Pin Drops
- Started by reedlmitchell
- Feb 14, 2025
- Views: 1K
Local Search

Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...

Share this page

Facebook X (Twitter) Reddit Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top Bottom