CVE-2011-5207

TheCartPress < 1.1.6 - Cross-Site Scripting via tcp_name_post_XXXXX Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5207. PoCs published by 6Scan.

AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in TheCartPress WordPress Plugin 1.6 and prior versions. It highlights the lack of input sanitization, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by 6Scan · textwebappsphp

https://www.exploit-db.com/exploits/36481

View Code ZIP pw:eip

The exploit describes a cross-site scripting (XSS) vulnerability in TheCartPress WordPress Plugin 1.6 and prior versions. It highlights the lack of input sanitization, allowing arbitrary script execution in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: TheCartPress WordPress Plugin <= 1.6

No auth needed

Prerequisites: Access to the vulnerable plugin endpoint

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/files/view/108272/wpcartpress-xss.txt

Product x_refsource_confirm

http://plugins.trac.wordpress.org/changeset/482746/thecartpress

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47427

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/51216

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/72070

Scores

EPSS 0.0454

EPSS Percentile 90.3%

Details

CWE

CWE-79

Status published

Products (17)

thecartpress/thecartpress 1.0

thecartpress/thecartpress 1.0.1

thecartpress/thecartpress 1.0.2

thecartpress/thecartpress 1.0.3

thecartpress/thecartpress 1.0.4

thecartpress/thecartpress 1.0.5

thecartpress/thecartpress 1.0.6

thecartpress/thecartpress 1.0.7

thecartpress/thecartpress 1.0.8

thecartpress/thecartpress 1.0.9

... and 7 more

Published Oct 04, 2012

Tracked Since Feb 18, 2026