WordPress TheCartPress Plugin Multiple Security Vulnerabilities

The TheCartPress plugin for WordPress is prone to the following security vulnerabilities:

1. Multiple HTML-injection vulnerabilities
2. An access-bypass vulnerability
3. Multiple cross-site scripting vulnerabilities
4. A local file-include vulnerability

Exploiting these vulnerabilities could allow attacker-supplied HTML or JavaScript code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials, perform unauthorized actions, compromise the application, obtain potentially sensitive information, and execute arbitrary local scripts.


Copyright 2010, SecurityFocus