Description
WordPress Plugin WP eCommerce is prone to multiple cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress Plugin WP eCommerce version 3.8.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.8.9.1 or latest
References
Related Vulnerabilities
WordPress Plugin WP Sudoku Plus Unspecified Vulnerability (1.4)
Oracle Database Server CVE-2021-2332 Vulnerability (CVE-2021-2332)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Request Forgery (2.25.2)
WordPress Plugin Master Slider-Responsive Touch Slider Cross-Site Scripting (2.7.1)