CVSS: 9.8EPSS: 0%CPEs: 68EXPL: 0CVE-2012-5310 – WP eCommerce < 3.8.7.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2012-5310
08 Oct 2012 — SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el plugin WP e-Commerce anterior a v3.8.7.6 para WordPress, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores desconocidos • http://secunia.com/advisories/47627 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 1CVE-2011-5104 – WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5104
21 Nov 2011 — Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wpsc-admin/display-sales-logs.php en el plugin para Wordpress e-Commerce v3.8.7.1 y posiblemente anteriores que permite a atacantes re... • http://osvdb.org/77249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •