VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 6 known issues Latest disclosed Jan 26, 2015

Cart66 Lite :: WordPress Ecommerce Vulnerabilities

Review known vulnerability records for the WordPress plugin Cart66 Lite :: WordPress Ecommerce (`cart66-lite`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2014-9461 and CVE-2014-9442, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
6
High or Critical
2
Patch Coverage
100%
Last Updated
Jan 22, 2024
Priority CVE Quick Links

Fast paths into Cart66 Lite :: WordPress Ecommerce CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
5
CVE-2014-9442 High 1.5.4
CVE-2014-9442 Cart66 Lite :: WordPress Ecommerce SQL Injection

Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection

CVE-2014-9305 High 1.5.2
CVE-2014-9305 Cart66 Lite :: WordPress Ecommerce SQL Injection

Cart66 Lite :: WordPress Ecommerce < 1.5.2 - SQL Injection

CVE-2014-9461 Medium 1.5.4
CVE-2014-9461 Cart66 Lite :: WordPress Ecommerce Vulnerability

Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure

CVE-2013-5977 Medium 1.5.1.15
CVE-2013-5977 Cart66 Lite :: WordPress Ecommerce Cross-Site Scripting

Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Request Forgery

CVE-2013-5978 Medium 1.5.1.15
CVE-2013-5978 Cart66 Lite :: WordPress Ecommerce Cross-Site Scripting

Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Cart66 Lite :: WordPress Ecommerce so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 2 high severity findings.
Recent CVEs
CVE-2014-9461 and CVE-2014-9442
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Cart66 Lite :: WordPress Ecommerce

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes
Cart66 Lite :: WordPress Ecommerce <= 1.5.4 - Reflected Cross-Site Scripting

The Cart66 Lite :: WordPress Ecommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘status’ parameter in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at...

Published
Jan 26, 2015
Patched Release
1.5.5
Affected Versions
Versions before 1.5.5
Next Step
Update to 1.5.5 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes CVE-2014-9461
CVE-2014-9461: Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure

Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php.

Published
Jan 01, 2015
Patched Release
1.5.4
Affected Versions
Versions before 1.5.4
Next Step
Update to 1.5.4 or newer if supported.
Open CVE-2014-9461 Report Open CVE Reference
Plugin High Patched: Yes CVE-2014-9442
CVE-2014-9442: Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection

SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php.

Published
Dec 22, 2014
Patched Release
1.5.4
Affected Versions
Versions before 1.5.4
Next Step
Update to 1.5.4 or newer if supported.
Open CVE-2014-9442 Report Open CVE Reference
Plugin High Patched: Yes CVE-2014-9305
CVE-2014-9305: Cart66 Lite :: WordPress Ecommerce < 1.5.2 - SQL Injection

SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-adm...

Published
Dec 03, 2014
Patched Release
1.5.2
Affected Versions
Versions before 1.5.2
Next Step
Update to 1.5.2 or newer if supported.
Open CVE-2014-9305 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2013-5977
CVE-2013-5977: Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Request Forgery

Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS...

Published
Aug 01, 2014
Patched Release
1.5.1.15
Affected Versions
Versions before 1.5.1.15
Next Step
Update to 1.5.1.15 or newer if supported.
Open CVE-2013-5977 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2013-5978
CVE-2013-5978: Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php....

Published
Oct 11, 2013
Patched Release
1.5.1.15
Affected Versions
Versions before 1.5.1.15
Next Step
Update to 1.5.1.15 or newer if supported.
Open CVE-2013-5978 Report Open CVE Reference