CVE-2013-5978

MEDIUM

Cart66 Lite Plugin < 1.5.1.14 - Cross-Site Scripting via Product Name or Price Description

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5978. PoCs published by absane.

AI-analyzed exploit summary: This exploit demonstrates a CSRF and stored XSS vulnerability in WordPress Cart66 Plugin 1.5.1.14. The PoC includes HTML/JavaScript to auto-submit a malicious product form, exploiting lack of CSRF tokens and input sanitization.

Description

Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.

Exploits (1)

exploitdb WORKING POC VERIFIED
by absane · text · webapps · php
https://www.exploit-db.com/exploits/28959

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Cart66 Plugin 1.5.1.14
Auth required
Prerequisites: Authenticated WordPress admin session · Victim interaction (clicking a link)
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/bugtraq/2013/Oct/52
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/28959
Release Notes, Third Party Advisory x_refsource_misc
http://wordpress.org/plugins/cart66-lite/changelog
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/62977
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/87873

Scores

CVSS v3 6.1
EPSS 0.0408
EPSS Percentile 89.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
cart66/cart66_lite_plugin < 1.5.1.14
Published Dec 11, 2019
Tracked Since Feb 18, 2026