An SQL injection vulnerability was found by Miroslav Stampar in the WordPress WP e-Commerce plugin, versions <=3.8.6.

We have checked and found that newer versions of this plugin still contain this bug, which malicious users could exploit to remotely execute SQL commands on the WordPress server.

6Scan has decided to add protection against the described vulnerability to our database, regardless of the plugin version. We have chosen to fix this bug in a way that will not interfere with the plugin's normal operation, even if the bug is fixed in the near future.