20 Jun 2012
WordPress TheCartPress Plugin 1.x
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.
The actual impact varies significantly depending on the design and purpose of the affected application.
Charlie Eriksen has discovered a vulnerability in the TheCartPress plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused by the wp-content/plugins/thecartpress/admin/PrintOrder.php script not checking credentials before displaying order details. This can be exploited to view the order details of arbitrary users.
The vulnerability is confirmed in version 126.96.36.199. Other versions may also be affected.
The vendor has released an updated version 188.8.131.52, which fixes the vulnerability.
Charlie Eriksen via Secunia.
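For checking web server access logs for the exposure described above, the following added example (not part of the original advisory and not the plugin's code) lists clients that received successful responses from PrintOrder.php for several distinct query strings. The sample log lines, the query parameter name, the 200-status filter and the threshold are constructed assumptions; only the script path comes from the advisory.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Script path as given in the advisory.
TARGET = "/wp-content/plugins/thecartpress/admin/PrintOrder.php"

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines. Addresses are documentation ranges and
# "placeholder_param" is a placeholder: the advisory does not name the
# real query parameter.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Jun/2012:10:00:01 +0000] "GET /wp-content/plugins/thecartpress/admin/PrintOrder.php?placeholder_param=101 HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [20/Jun/2012:10:00:02 +0000] "GET /wp-content/plugins/thecartpress/admin/PrintOrder.php?placeholder_param=102 HTTP/1.1" 200 5093 "-" "-"
198.51.100.7 - - [20/Jun/2012:10:00:03 +0000] "GET /wp-content/plugins/thecartpress/admin/PrintOrder.php?placeholder_param=103 HTTP/1.1" 200 5177 "-" "-"
198.51.100.7 - - [20/Jun/2012:10:00:04 +0000] "GET /wp-content/plugins//thecartpress/admin/PrintOrder.php?placeholder_param=104 HTTP/1.1" 200 5101 "-" "-"
203.0.113.20 - - [20/Jun/2012:11:15:40 +0000] "GET /wp-content/plugins/thecartpress/admin/PrintOrder.php?placeholder_param=555 HTTP/1.1" 200 5088 "-" "-"
192.0.2.9 - - [20/Jun/2012:12:30:00 +0000] "GET /wp-content/plugins/thecartpress/admin/PrintOrder.php?placeholder_param=7 HTTP/1.1" 403 210 "-" "-"
192.0.2.9 - - [20/Jun/2012:12:30:05 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"
"""


def find_order_page_hits(log_text, min_distinct=3):
    """Return {client: sorted distinct query strings} for clients that got a
    200 from the order-printing script for at least min_distinct different
    query strings. Unparseable lines and other statuses are skipped."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue
        raw_path, _, query = m["target"].partition("?")
        # Decode %-escapes and collapse repeated slashes before comparing.
        path = re.sub(r"/+", "/", unquote(raw_path))
        if path == TARGET:
            seen[m["host"]].add(query)
    return {h: sorted(q) for h, q in seen.items() if len(q) >= min_distinct}


if __name__ == "__main__":
    for host, queries in find_order_page_hits(SAMPLE_LOG).items():
        print(host, len(queries), "distinct order-page requests")
```

Access logs normally do not record whether a request carried a logged-in session, so each reported client still has to be matched against known administrator activity.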