CVE-2012-5310
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/47627
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| getshopped | wp_e-commerce | {"endIncluding":"3.8.7.5"} | |
| getshopped | wp_e-commerce | 3.6.5 | |
| getshopped | wp_e-commerce | 3.6.6 | |
| getshopped | wp_e-commerce | 3.6.7 | |
| getshopped | wp_e-commerce | 3.6.8 | |
| getshopped | wp_e-commerce | 3.6.9 | |
| getshopped | wp_e-commerce | 3.6.10 | |
| getshopped | wp_e-commerce | 3.6.11 | |
| getshopped | wp_e-commerce | 3.6.12 | |
| getshopped | wp_e-commerce | 3.6.13 | |
| getshopped | wp_e-commerce | 3.7 | |
| getshopped | wp_e-commerce | 3.7.1 | |
| getshopped | wp_e-commerce | 3.7.2 | |
| getshopped | wp_e-commerce | 3.7.3 | |
| getshopped | wp_e-commerce | 3.7.4 | |
| getshopped | wp_e-commerce | 3.7.5 | |
| getshopped | wp_e-commerce | 3.7.5.1 | |
| getshopped | wp_e-commerce | 3.7.5.2 | |
| getshopped | wp_e-commerce | 3.7.5.3 | |
| getshopped | wp_e-commerce | 3.7.6 | |
| getshopped | wp_e-commerce | 3.7.6.1 | |
| getshopped | wp_e-commerce | 3.7.6.2 | |
| getshopped | wp_e-commerce | 3.7.6.3 | |
| getshopped | wp_e-commerce | 3.7.6.4 | |
| getshopped | wp_e-commerce | 3.7.6.5 | |
| getshopped | wp_e-commerce | 3.7.6.6 | |
| getshopped | wp_e-commerce | 3.7.6.7 | |
| getshopped | wp_e-commerce | 3.7.6.9 | |
| getshopped | wp_e-commerce | 3.7.7 | |
| getshopped | wp_e-commerce | 3.7.8 | |
| getshopped | wp_e-commerce | 3.7.8.1 | |
| getshopped | wp_e-commerce | 3.7.8.2 | |
| getshopped | wp_e-commerce | 3.7.8.3 | |
| getshopped | wp_e-commerce | 3.8 | |
| getshopped | wp_e-commerce | 3.8.1 | |
| getshopped | wp_e-commerce | 3.8.2 | |
| getshopped | wp_e-commerce | 3.8.3 | |
| getshopped | wp_e-commerce | 3.8.4 | |
| getshopped | wp_e-commerce | 3.8.5 | |
| getshopped | wp_e-commerce | 3.8.6 | |
| getshopped | wp_e-commerce | 3.8.6.1 | |
| getshopped | wp_e-commerce | 3.8.7 | |
| getshopped | wp_e-commerce | 3.8.7.1 | |
| getshopped | wp_e-commerce | 3.8.7.2 | |
| getshopped | wp_e-commerce | 3.8.7.3 | |
| getshopped | wp_e-commerce | 3.8.7.4 | |
| getshopped | wp_e-commerce | 3.8.8 | |
| wordpress | wordpress | - | |
References
- http://secunia.com/advisories/47627
- http://wordpress.org/extend/plugins/wp-e-commerce/changelog/
- http://www.securityfocus.com/bid/51637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72622
- http://secunia.com/advisories/47627
- http://wordpress.org/extend/plugins/wp-e-commerce/changelog/
- http://www.securityfocus.com/bid/51637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72622
CWEs
CWE-89
Verify integrity in audit chain (admin only). AS-IS.