SQL Injection Vulnerability in WP e-Commerce Plugin for WordPress
CVE-2012-5310

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP E-commerce
Vendor: CVE Published:; 8 October 2012

What is CVE-2012-5310?

A SQL injection vulnerability exists in the WP e-Commerce plugin for WordPress prior to version 3.8.7.6. This flaw can be exploited by remote attackers to execute arbitrary SQL commands, potentially allowing them to manipulate the database and retrieve sensitive information. Attackers may exploit this vulnerability through unspecified vectors, making it crucial for users to maintain updated versions of the plugin to mitigate risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72622

vdb-entryx_refsource_XF

http://wordpress.org/extend/plugins/wp-e-commerce/changelog/

x_refsource_CONFIRM

http://secunia.com/advisories/47627

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2012
Vulnerability Reserved
Oct 8, 2012

Wordpress

What is CVE-2012-5310?

References

Timeline