Description

WordPress Plugin WP eCommerce is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. WordPress Plugin WP eCommerce version 3.8.4 is vulnerable; other versions may also be affected.

Remediation

Update to plugin version 3.8.5 or latest

References

Related Vulnerabilities