ThreatPress

WordPress Vulnerabilities Database

Back

WordPress E-commerce Plugin <= 3.8.4 - SQL Injection Exploit

Product
E-commerce
Description
The plugin is prone to an SQL Injection Exploit. This code of this vulnerability has been released under the authorization of GetShopped staff. It shows user_login and user_pass of wp_users table.
Solution
Update the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 3.8.4
Fixed In 3.8.5
Disclosure date
2011-08-05
Credits
IHTeam