High-risk vulnerabilities in TheCartPress leaves WordPress sites at risk

TheCartPress eCommerce Shopping Cart – a popular WordPress e-commerce plugin that is actively used on over 5,000 websites – contains high-risk vulnerabilities that can be exploited to compromise customers’ data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers. Users are advised to disable or remove the plugin.

The bugs affect version 1.3.9 (the latest) and probably prior ones, the researchers say. A fix for these vulnerabilities is unlikely, as the developers noted before that support for TheCartPress plugin will end on June 1, 2015.

Update: an update to TheCartPress 1.3.9.3 is available and given the changelog, development of the plugin is picking up again.

TheCartPress WordPress plugin security advisory #

You can read High-Tech Bridge’s Multiple Vulnerabilities in TheCartPress WordPress plugin advisory.


Show your support


If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!


About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.

follow me on:

Leave a Reply

Be the First to Comment!

avatar
  Subscribe  
Notify of