Description
WordPress Plugin WP eCommerce is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. WordPress Plugin WP eCommerce version 3.8.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.8.6.1 or latest
References
http://www.securityfocus.com/bid/49612/exploit
http://www.exploit-db.com/exploits/17832/
http://packetstormsecurity.com/files/view/105084/wpecommerce386-sql.txt
Related Vulnerabilities
WordPress Plugin Post Logo Cross-Site Scripting (1.1b)
OpenSSL Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-0778)
Magento CVE-2019-8137 Vulnerability (CVE-2019-8137)
Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)
ReviveAdserver Session Fixation Vulnerability (CVE-2017-5831)