WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting Software: WP e-Commerce Software Language: PHP Version: 3.8.9 and below Vendor Status: Vendor contacted Release Date: 2012-11-12 Risk: High 1. General Overview =================== During the security audit of WP E-Commerce plugin for WordPress CMS, multiple vulnerabilities were discovered using DefenseCode ThunderScan PHP web application source code security analysis platform. More information about ThunderScan PHP is available at URL: http://www.defensecode.com/subcategory/thunderscan-8 Detailed report for each vulnerability can be found in the following PDF report: http://www.defensecode.com/public/wp-e-commerce_security_audit_final_report.pdf Report has been generated by ThunderScan PHP Web Application Source Code Security Analysis. 2. Software Overview =================== WP e-Commerce is a popular e-commerce plugin for WordPress. Users can use it to to sell products, downloads or services online. It has more than 2 Million downloads on wordpress.org. Homepage: http://wordpress.org/extend/plugins/wp-e-commerce/ http://getshopped.org/ 3. Brief Vulnerability Description ================================== During the security analysis, ThunderScan PHP discovered multiple SQL Injection and Cross Site Scripting vulnerabilities in WP e-Commerce plugin. 3.1. SQL injection File: wp-e-commerce\wpsc-includes\purchaselogs.class.php Function: get_results($sql) Variable: $_POST['view_purchlogs_by_status'] Called from (function line file): get_purchlogs() 699 wp-e-commerce\wpsc-core\wpsc-deprecated.php 3.2 SQL injection File: wp-e-commerce\wpsc-includes\purchaselogs.class.php Function: get_results( $sql ) Variable: $_POST['view_purchlogs_by_status'] Called from (function line file): get_purchlogs() 681 wp-e-commerce\wpsc-core\wpsc-deprecated.php 3.3 SQL injection File: wp-e-commerce\wpsc-includes\purchaselogs.class.php Function: get_results( $sql ) Variable: $_GET['view_purchlogs_by_status'] Called from (function line file): get_purchlogs() 525 wp-e-commerce\wpsc-includes\purchaselogs.class.php 3.4 SQL injection File: wp-e-commerce\wpsc-includes\purchaselogs.class.php Function: get_results( $sql ) Variable: $_GET['view_purchlogs_by_status'] Called from (function line file): get_purchlogs() 543 wp-e-commerce\wpsc-includes\purchaselogs.class.php 3.5 SQL injection File: wp-e-commerce\wpsc-includes\purchaselogs.class.php Function: get_results( $sql ) Variable: $_GET['view_purchlogs_by_status'] Called from (function line file): get_purchlogs() 534 wp-e-commerce\wpsc-includes\purchaselogs.class.php 3.6 SQL injection File: wp-e-commerce\wpsc-includes\purchaselogs.class.php Function: get_results( $sql ) Variable: $_POST['view_purchlogs_by_status'] Called from (function line file): get_purchlogs() 689 wp-e-commerce\wpsc-core\wpsc-deprecated.php 3.7 Cross-Site Scripting File: wp-e-commerce\wpsc-admin\includes\purchase-log-list-ta ble-class.php Function: echo ('<input type="hidden" name="m" value="' . $m . '" />') Variable: $_REQUEST['m'] 4. Solution =========== Vendor resolved security issues in latest WP e-Commerce release. All users are strongly advised to update WP e-Commerce plugin to the latest available version 3.8.9.1. # 1337day.com [2012-11-19]
WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting
WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting | Juno_okyo's Blog
Leader at J2TEAM. Website: https://j2team.dev/