WordPress Plugin Vulnerabilities

WP eCommerce <= 3.8.6 - SQL Injection

Description

The WP eCommerce WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wp-e-commerce
Fixed in 3.8.6.1

References

Exploitdb
17832

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
0bf67afb-b8ff-4b85-9d70-1b5fa3933131

Timeline

Publicly Published
2015-02-09 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-09-11
Title
WP Reactions Box <= 1.0 - Unauthenticated SQLi
Published
2025-04-17
Title
Quentn WP < 1.2.9 - Unauthenticated SQL Injection
Published
2017-02-18
Title
Mail Masta 1.0 - Multiple SQL Injection
Published
2025-11-07
Title
Quick Featured Images < 13.7.4 - Authenticated (Editor+) SQL Injection via delete_orphaned
Published
2025-05-27
Title
Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection