WordPress CartPress Plugin Zero Day Disclosure


djbaxter

WordPress CartPress Plugin Zero Day Disclosure
by Michael Mimoso, Threatpost
April 29, 2015

Another round of WordPress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin.

These disclosures come on the heels of a separate disclosure of a zero-day in the WordPress core engine. Those vulnerabilities have since been patched.

The CartPress vulnerabilities were reported on three separate occasions by researchers at High-Tech Bridge on April 8, 17 and 27. From a timeline published in the High-Tech Bridge advisory, no acknowledgement from CartPress was received.

"Currently, we are not aware of any official solution for this vulnerability," the advisory says. CartPress will no longer be supported as of June 1. "We recommend disabling or removing the vulnerable plugin as a workaround."

According to High-Tech Bridge, the vulnerabilities can be exploited to run code, disclose data or carry out cross-site scripting attacks against sites running the plugin.