Another round of #wordpress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin.
These disclosures come on the heels of a separate disclosure of a zero-day in the WordPress core engine. Those vulnerabilities have since been patched.
The CartPress vulnerabilities were reported on three separate occasions by researchers at High Tech Bridge on April 8, 17 and 27.
Leave a reply
