TheCartPress eCommerce Shopping Cart – a popular WordPress e-commerce plugin that is actively used on over 5,000 websites – contains high-risk vulnerabilities that can be exploited to compromise customers’ data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers. Users are advised to disable or remove the plugin.
The bugs affect version 1.3.9 (the latest) and probably prior ones, the researchers say. A fix for these vulnerabilities is unlikely, as the developers noted before that support for TheCartPress plugin will end on June 1, 2015.
Update: an update to TheCartPress 18.104.22.168 is available and given the changelog, development of the plugin is picking up again.
TheCartPress WordPress plugin security advisory #
You can read High-Tech Bridge’s Multiple Vulnerabilities in TheCartPress WordPress plugin advisory.
Show Your Support
If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!