QwikSec

Security Database

CVE

CWE

Training

CVE-2013-5977

Published: Nov 1, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20131011 Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_OSVDB

20131014 Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

wp-cart66-cve20135977-admin-csrf(87874)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

http://wordpress.org/plugins/cart66-lite/changelog/

x_refsource_CONFIRM

http://blog.noobroot.com/#%21/2013/10/0-day-wordpress-cart66-plugin-15114.html

x_refsource_MISC

vdb-entry

x_refsource_BID

http://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.