WP eCommerce

Vulnerabilities 22Slug wp-e-commerceLatest version 3.15.1WordPress.org →Closed
N/A Unfixed Closed
2026-02-13≤ 3.15.1

eCommerce <= 3.15.1 - Cross-Site Request Forgery to Coupon Deletion

WordfenceCVE
N/A Unfixed Closed
2026-01-21≤ 3.15.1

eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection

WordfenceCVE
N/A Closed
< 3.8.9.1

WP eCommerce 3.8.9 - Cross-Site Scripting (XSS)

WPScan
N/A Closed
< 3.8.9.1

WP eCommerce 3.8.9 - SQL Injection

WPScan
N/A Closed
< 3.8.8

WP eCommerce 3.8.6 - Cross-Site Scripting (XSS)

WPScan
N/A Closed
< 3.8.14.4

WP eCommerce &lt;= 3.8.14.3 - Authorisation Bypass

WPScan
N/A Closed
< 3.8.12

WP eCommerce 3.8.9.5 - Cross-Site Scripting (XSS)

WPScan
N/A Closed
< 3.8.6.1

WP eCommerce &lt;= 3.8.6 - SQL Injection

WPScan
N/A Closed
< 3.9.3

WP eCommerce &lt;= 3.9.2 - Reflected Cross-Site Scripting (XSS)

WPScan
N/A Closed
< 3.11.4

WP eCommerce &lt;= 3.11.3 - SQL Injection in sessionid

WPScan
N/A Closed
2014-08-01< 3.8.9.1

WP eCommerce <= 3.8.9 - SQL Injection

Wordfence
N/A Closed
2014-08-01< 3.8.9.1

WP eCommerce <= 3.8.9 - Cross-Site Scripting

Wordfence
N/A Closed
2014-11-01< 3.8.14.4

WP eCommerce <= 3.8.14.3 - Missing Authorization

Wordfence
N/A Closed
2015-04-20< 3.9.3

WP eCommerce <= 3.9.2 - Reflected Cross-Site Scripting

Wordfence
N/A Closed
2016-11-12< 3.11.4

WP eCommerce < 3.11.4 - SQL Injection

Wordfence
N/A Closed
2014-01-24≤ 3.8.9.5

WordPress WP e-Commerce Plugin - Multiple Security Vulnerabilities

Patchstack
N/A Closed
2011-09-14< 3.8.7

WordPress e-Commerce Plugin <= 3.8.6 - SQL Injection

Patchstack
N/A Closed
2011-08-04≤ 3.8.6

WordPress WP e-Commerce Plugin 3.8.6 - Cross Site Scripting

Patchstack