| Secunia ID | SA49652 |
| Release Date | 20 Jun 2012 |
| Criticality | |
| Solution Status | Vendor Patch |
| Software | WordPress TheCartPress Plugin 1.x |
| Where | |
| Impact | Security Bypass. This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application. |
| Description | Charlie Eriksen has discovered a vulnerability in the TheCartPress plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability exists because the wp-content/plugins/thecartpress/admin/PrintOrder.php script does not check for credentials before displaying order details. This can be exploited to view the order details of arbitrary users. The vulnerability is confirmed in version 1.1.9.2. Other versions may also be affected. |
| Solution | The vendor has released an updated version 1.1.9.2, which fixes the vulnerability. |
| Reported by | Charlie Eriksen via Secunia. |
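
An added example, not part of the Secunia advisory or the plugin's code: a Python log check for past access to the PrintOrder.php script named in the description. It flags clients that fetched the script successfully with several different query strings and no wp-admin referer. It assumes Combined Log Format; the log lines, IP addresses, threshold and the `order_id` parameter name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Script path taken from the advisory text.
TARGET = "/wp-content/plugins/thecartpress/admin/PrintOrder.php"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def suspicious_clients(lines, min_distinct=3):
    """Return {ip: sorted distinct query strings} for clients that got a 200 from
    the order-printing script, without a wp-admin referer, using at least
    `min_distinct` different query strings (a sign of order enumeration)."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue
        url = urlsplit(m["target"])
        if url.path != TARGET:
            continue
        if "/wp-admin/" in m["referer"]:
            continue  # reached from the dashboard, so likely a logged-in admin
        seen[m["ip"]].add(url.query)
    return {ip: sorted(q) for ip, q in seen.items() if len(q) >= min_distinct}

def _line(ip, target, referer="-"):
    # Helper that builds one constructed Combined Log Format line.
    return (f'{ip} - - [20/Jun/2012:10:00:00 +0000] "GET {target} HTTP/1.1" '
            f'200 512 "{referer}" "Mozilla/5.0"')

# Constructed sample input: documentation IP ranges, made-up "order_id" parameter.
SAMPLE = [
    _line("198.51.100.23", TARGET + "?order_id=101"),
    _line("198.51.100.23", TARGET + "?order_id=102"),
    _line("198.51.100.23", TARGET + "?order_id=103"),
    _line("198.51.100.23", "/index.php"),
    _line("203.0.113.5", TARGET + "?order_id=7", "https://shop.example/wp-admin/admin.php"),
    _line("192.0.2.44", TARGET + "?order_id=55"),
]

if __name__ == "__main__":
    for ip, queries in suspicious_clients(SAMPLE).items():
        print(ip, queries)
```

The Referer header is client-controlled, so this is a triage heuristic for reviewing exposure, not proof of legitimate or illegitimate access.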