🦸 Calling all superheroes! Introducing the WordPress Superhero Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities! Through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200. Check out the updated bounties here!

Cart66 Lite :: WordPress Ecommerce

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Cart66 Lite :: WordPress Ecommerce

Information

Software Type	Plugin
Software Slug	cart66-lite (view on wordpress.org)
Software Status	Removed
Software Author	reality66
Software Website	wordpress.org
Software Record Last Updated	September 18, 2024

6 Vulnerabilities

Submit a Vulnerability

Cart66 Lite :: WordPress Ecommerce <= 1.5.4 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jan 26, 2015

Researchers: Kenneth Jepsen, Mikkel Vej, Morten Nortoft

Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure

6.5

CVE-2014-9461

Jan 1, 2015

Researcher: James Hooker

Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection

8.8

CVE-2014-9442

Dec 22, 2014

Researcher: James Hooker

Cart66 Lite :: WordPress Ecommerce < 1.5.2 - SQL Injection

8.8

CVE-2014-9305

Dec 3, 2014

Researcher: Kacper Szurek

Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Request Forgery

6.3

CVE-2013-5977

Aug 1, 2014

Researcher: absane

Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting

6.1

CVE-2013-5978

Oct 11, 2013

Researcher: absane

Title	Status	CVE ID	CVSS	Researchers	Date
Cart66 Lite :: WordPress Ecommerce <= 1.5.4 - Reflected Cross-Site Scripting	Patched		6.1	Kenneth Jepsen, Mikkel Vej, Morten Nortoft	January 26, 2015
Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure	Patched	CVE-2014-9461	6.5	James Hooker	January 1, 2015
Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection	Patched	CVE-2014-9442	8.8	James Hooker	December 22, 2014
Cart66 Lite :: WordPress Ecommerce < 1.5.2 - SQL Injection	Patched	CVE-2014-9305	8.8	Kacper Szurek	December 3, 2014
Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Request Forgery	Patched	CVE-2013-5977	6.3	absane	August 1, 2014
Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting	Patched	CVE-2013-5978	6.1	absane	October 11, 2013

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation