Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2011-5104

Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.

Published: Aug 23, 2012
Updated: Nov 9, 2025
CVE: CVE-2011-5104
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
getshopped / wp_e-commerce	-	3.8.7.1.x
getshopped / wp_e-commerce	3.6.5	3.6.5.x
getshopped / wp_e-commerce	3.6.6	3.6.6.x
getshopped / wp_e-commerce	3.6.7	3.6.7.x
getshopped / wp_e-commerce	3.6.8	3.6.8.x
getshopped / wp_e-commerce	3.6.9	3.6.9.x
getshopped / wp_e-commerce	3.6.10	3.6.10.x
getshopped / wp_e-commerce	3.6.11	3.6.11.x
getshopped / wp_e-commerce	3.6.12	3.6.12.x
getshopped / wp_e-commerce	3.6.13	3.6.13.x
getshopped / wp_e-commerce	3.7-beta2	3.7-beta2.x
getshopped / wp_e-commerce	3.7	3.7.x
getshopped / wp_e-commerce	3.7-beta3	3.7-beta3.x
getshopped / wp_e-commerce	3.7.1	3.7.1.x
getshopped / wp_e-commerce	3.7.2	3.7.2.x
getshopped / wp_e-commerce	3.7.3	3.7.3.x
getshopped / wp_e-commerce	3.7.4	3.7.4.x
getshopped / wp_e-commerce	3.7.5-beta2	3.7.5-beta2.x
getshopped / wp_e-commerce	3.7.5-rc1	3.7.5-rc1.x
getshopped / wp_e-commerce	3.7.5-rc2	3.7.5-rc2.x
getshopped / wp_e-commerce	3.7.5-rc4	3.7.5-rc4.x
getshopped / wp_e-commerce	3.7.5-beta1	3.7.5-beta1.x
getshopped / wp_e-commerce	3.7.5	3.7.5.x
getshopped / wp_e-commerce	3.7.5-rc3	3.7.5-rc3.x
getshopped / wp_e-commerce	3.7.5.1-beta	3.7.5.1-beta.x
getshopped / wp_e-commerce	3.7.5.1	3.7.5.1.x
getshopped / wp_e-commerce	3.7.5.2	3.7.5.2.x
getshopped / wp_e-commerce	3.7.5.3	3.7.5.3.x
getshopped / wp_e-commerce	3.7.6-rc4	3.7.6-rc4.x
getshopped / wp_e-commerce	3.7.6	3.7.6.x
getshopped / wp_e-commerce	3.7.6-rc3	3.7.6-rc3.x
getshopped / wp_e-commerce	3.7.6-rc2	3.7.6-rc2.x
getshopped / wp_e-commerce	3.7.6-rc1	3.7.6-rc1.x
getshopped / wp_e-commerce	3.7.6.1	3.7.6.1.x
getshopped / wp_e-commerce	3.7.6.2	3.7.6.2.x
getshopped / wp_e-commerce	3.7.6.3	3.7.6.3.x
getshopped / wp_e-commerce	3.7.6.4	3.7.6.4.x
getshopped / wp_e-commerce	3.7.6.5	3.7.6.5.x
getshopped / wp_e-commerce	3.7.6.6	3.7.6.6.x
getshopped / wp_e-commerce	3.7.6.7	3.7.6.7.x
getshopped / wp_e-commerce	3.7.6.9	3.7.6.9.x
getshopped / wp_e-commerce	3.7.7	3.7.7.x
getshopped / wp_e-commerce	3.7.8	3.7.8.x
getshopped / wp_e-commerce	3.7.8.1	3.7.8.1.x
getshopped / wp_e-commerce	3.7.8.2	3.7.8.2.x
getshopped / wp_e-commerce	3.7.8.3	3.7.8.3.x
getshopped / wp_e-commerce	3.8-rc1	3.8-rc1.x
getshopped / wp_e-commerce	3.8	3.8.x
getshopped / wp_e-commerce	3.8-beta2	3.8-beta2.x
getshopped / wp_e-commerce	3.8-rc4	3.8-rc4.x
getshopped / wp_e-commerce	3.8-rc2	3.8-rc2.x
getshopped / wp_e-commerce	3.8-beta1	3.8-beta1.x
getshopped / wp_e-commerce	3.8-beta3	3.8-beta3.x
getshopped / wp_e-commerce	3.8-rc3	3.8-rc3.x
getshopped / wp_e-commerce	3.8.1	3.8.1.x
getshopped / wp_e-commerce	3.8.2	3.8.2.x
getshopped / wp_e-commerce	3.8.3	3.8.3.x
getshopped / wp_e-commerce	3.8.4	3.8.4.x
getshopped / wp_e-commerce	3.8.5	3.8.5.x
getshopped / wp_e-commerce	3.8.6	3.8.6.x
getshopped / wp_e-commerce	3.8.6.1	3.8.6.1.x
getshopped / wp_e-commerce	3.8.7	3.8.7.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo