CVE-2015-3300 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname (2) billing_lastname (3) billing_company (4) billing_tax_id_number (5) billing_city (6) billing_street (7) billing_street_2 (8) billing_postcode (9) billing_telephone_1 (10) billing_telephone_2 (11) billing_fax (12) shipping_firstname (13) shipping_lastname (14) shipping_company (15) shipping_tax_id_number (16) shipping_city (17) shipping_street (18) shipping_street_2 (19) shipping_postcode (20) shipping_telephone_1 (21) shipping_telephone_2 or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id (25) address_name (26) firstname (27) lastname (28) street (29) city (30) postcode or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.

Reference

http://osvdb.org/show/osvdb/121438 http://osvdb.org/show/osvdb/121469 http://osvdb.org/show/osvdb/121470 http://osvdb.org/show/osvdb/121471 http://osvdb.org/show/osvdb/121472 http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html http://www.securityfocus.com/archive/1/535396/100/0/threaded http://www.securityfocus.com/bid/74395 https://wordpress.org/plugins/thecartpress/changelog/ https://www.exploit-db.com/exploits/36860/ https://www.htbridge.com/advisory/HTB23254