7.5

CVE-2015-3302

Exploit

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure

The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
Mögliche Gegenmaßnahme
TheCartPress eCommerce Shopping Cart: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt TheCartPress eCommerce Shopping Cart
Version *-1.5.3.6
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ThecartpressThecartpress Ecommerce Shopping Cart SwPlatformwordpress Version <= 1.3.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.64% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securityfocus.com/bid/74395
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/36860/
Third Party Advisory
Exploit
VDB Entry
Issue Tracking
https://www.htbridge.com/advisory/HTB23254
Third Party Advisory
Exploit
Issue Tracking