Unauthenticated SQL Injection Vulnerability in WP eCommerce Plugin
CVE-2024-1514
7.5HIGH
What is CVE-2024-1514?
The WP eCommerce plugin for WordPress exhibits a serious vulnerability that allows for execution of time-based blind SQL Injection attacks through the 'cart_contents' parameter. This flaw arises from inadequate escaping of user-supplied input, alongside a lack of necessary preparation for the existing SQL queries. As a result, this vulnerability empowers unauthenticated attackers to introduce arbitrary SQL queries into the existing ones, potentially leading to the unauthorized extraction of sensitive information stored in the database.
Affected Version(s)
WP eCommerce * <= 3.15.1