Description
WordPress Plugin WP eCommerce is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. WordPress Plugin WP eCommerce version 3.8.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.8.6.1 or latest
References
http://www.securityfocus.com/bid/49612/exploit
http://www.exploit-db.com/exploits/17832/
http://packetstormsecurity.com/files/view/105084/wpecommerce386-sql.txt
Related Vulnerabilities
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (2.6.6)
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16)
Oracle Database Server CVE-2015-4753 Vulnerability (CVE-2015-4753)
Grafana Incorrect Authorization Vulnerability (CVE-2022-31107)
WordPress Plugin Post to Social Media-WordPress to Hootsuite Cross-Site Scripting (1.3.8)