WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. SQL injection vulnerability exists in versions of the WordPress WooCommerce Multivendor Marketplace plugin prior to 3.4.12. The vulnerability stems from the application’s lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.