CVE-2015-3300

TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Scripting via Multiple Input Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3300. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in TheCartPress WordPress plugin, including local file inclusion, stored XSS, and improper access control. It provides proof-of-concept code for exploiting these vulnerabilities, such as directory traversal via 'tcp_box_path' and XSS via unsanitized input fields.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.

Exploits (1)

exploitdb WORKING POC
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36860

The exploit demonstrates multiple vulnerabilities in TheCartPress WordPress plugin, including local file inclusion, stored XSS, and improper access control. It provides proof-of-concept code for exploiting these vulnerabilities, such as directory traversal via 'tcp_box_path' and XSS via unsanitized input fields.

Classification
Working Poc 100%
Attack Type
Xss | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: TheCartPress WordPress plugin 1.3.9 and prior
No auth needed
Prerequisites: Access to a vulnerable WordPress installation with TheCartPress plugin · For some exploits, administrator privileges or tricking an admin into visiting a crafted link
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/121472
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/121471
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/121469
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/121470
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74395
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36860/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535396/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/121438

Scores

EPSS 0.0642
EPSS Percentile 92.8%

Details

CWE
CWE-79
Status published
Products (1)
thecartpress/thecartpress_ecommerce_shopping_cart < 1.3.9
Published May 14, 2015
Tracked Since Feb 18, 2026