CVE-2014-10017
Welcart e-Commerce plugin for WordPress is affected (version 1.3.12). The vulnerability is an SQL injection (CWE-89) in the usces_itemedit page, exploitable via the changeSort or switch parameter to wp-admin/admin.php, allowing remote attackers to influence the database. Remediation is to apply t...