Description
WordPress Plugin WP eCommerce is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. WordPress Plugin WP eCommerce version 3.8.4 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 3.8.5 or latest
References
http://www.securityfocus.com/bid/48717/exploit
http://www.exploit-db.com/exploits/17613/
http://packetstormsecurity.com/files/view/103138/wpecommerce-sql.txt
Related Vulnerabilities
WordPress Plugin Generate PDF using Contact Form 7 Cross-Site Scripting (3.5)
XWiki Missing Authorization Vulnerability (CVE-2022-23617)
Apache HTTP Server CVE-2004-0809 Vulnerability (CVE-2004-0809)
WordPress Plugin Search and Share Cross-Site Scripting (0.9.3)
WordPress Direct Request ('Forced Browsing') Vulnerability (CVE-2005-1688)