Is "WP eCommerce" safe?

WordPress Plugin security and safety information.

Rating: Unsafe Recommendations

WP eCommerce: Plugin Details

Type:	Plugin
Author:	WP eCommerce
URL:	https://wordpress.org/plugins/wp-e-commerce/
Latest Version:	3.15.1

WP eCommerce: Security Information

Insecure versions:	Up To 3.15.1
Known since:	2024-02-28 02:00:34

Insecure versions:	Up To 3.15.1
Known since:	2024-02-27 20:30:13

Insecure versions:	Up To 3.11.3
Known since:	2016-11-16 14:58:57

Insecure versions:	Up To 3.8.7.5
Known since:	2015-10-05 18:52:31
Description:	Unspecified SQL Injection Vulnerability

Insecure versions:	Versions 3.8.8 - 3.8.8.5
Known since:	2015-04-21 02:55:31
Description:	WP e-commerce - XSS Vulnerability

Insecure versions:	Versions 3.8.7 - 3.8.7.6
Known since:	2015-04-21 02:55:19
Description:	WP e-commerce - XSS Vulnerability

Insecure versions:	Versions 3.8.9 - 3.8.9.5
Known since:	2015-04-21 02:55:03
Description:	WP e-commerce - XSS Vulnerability

Insecure versions:	Versions 3.8.12 - 3.8.12.1
Known since:	2015-04-21 02:54:39
Description:	WP e-commerce - XSS Vulnerability

Insecure versions:	Versions 3.8.13 - 3.8.13.4
Known since:	2015-04-21 02:54:13
Description:	WP e-commerce - XSS Vulnerability

Insecure versions:	Versions 3.8.14 - 3.8.14.4
Known since:	2015-04-21 02:53:52
Description:	WP e-commerce - XSS Vulnerability

Insecure versions:	Versions 3.9 - 3.9.2
Known since:	2015-04-21 02:53:18
Description:	WP e-commerce - XSS Vulnerability

Insecure versions:	Up To 3.8.9.5
Known since:	2014-03-14 20:57:05
Description:	WP-e-Commerce 3.8.9.5 - save-data.functions.php GIF File Upload
More Information:

Insecure versions:	Up To 3.8.9.5
Known since:	2014-03-14 20:57:05
Description:	WP-e-Commerce 3.8.9.5 - ajax.php wpsc_action Parameter Remote Code Execution
More Information:

Insecure versions:	Up To 3.8.9.5
Known since:	2014-03-14 20:57:05
Description:	WP-e-Commerce 3.8.9.5 - misc.functions.php image_name Parameter Local File Inclusion
More Information:

Insecure versions:	Up To 3.8.9.5
Known since:	2014-03-14 20:57:05
Description:	WP-e-Commerce 3.8.9.5 - display-sales-logs.php c Parameter Remote Code Execution
More Information:

Insecure versions:	Up To 3.8.9.5
Known since:	2014-03-14 20:57:05
Description:	WP-e-Commerce 3.8.9.5 - Cross Site Scripting Vulnerability
More Information:

Insecure versions:	Up To 3.8.6
Known since:	2014-03-14 20:57:05
Description:	WP e-Commerce <= 3.8.6 - SQL Injection Vulnerability

Insecure versions:	Up To 3.8.6
Known since:	2014-03-14 20:57:05
Description:	WP e-Commerce 3.8.6 - wpsc-cart_widget.php cart_messages Parameter XSS

Insecure versions:	Up To 3.8.9.5
Known since:	2014-01-27 03:35:20
Description:	It is recommended to update this plugin as soon as possible or delete it if you are not currently using it.
Description:	Remote Code Execution

WP eCommerce: Safety Recommendations

We have rated WP eCommerce as Unsafe which means that all versions of the plugin have vulnerabilities.

We recommend that until an update is released do not use WP eCommerce.

WP eCommerce: Staying Up-to-date

Make sure your installation of WP eCommerce is safe with the following free Jetpack services for WordPress sites:

Updates & Management
Turn on auto-updates for WP eCommerce or manage in bulk.
Prevent Infiltrations
Automatic protection against brute force attacks and secure sign on.

Choose Your Plan

WP eCommerce: Keeping Safe

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:

Automated Backups
Full backup of your entire site with unlimited storage space.
Restores & Migrations
Restore or migrate your site from a backup with one click.
Security Scanning
Regular, automated scans of your site for malware, threats, and hacks.
Expert Support
Fast, priority support for any WordPress security issue.

Choose Your Plan

About this information

This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.