Analyst readout for executives and security teams
Plain-English summary
This old WordPress e-Commerce Plugin flaw can let a remote attacker upload an executable file and run it from the plugin directory. For an exposed site, that can mean website takeover or server-side code execution. The sources do not provide CVSS, patch details, or evidence of active exploitation.
Executive priority
Prioritize if any public WordPress property still uses this legacy plugin. A confirmed vulnerable deployment should be remediated urgently because the stated impact is arbitrary code execution. If no such plugin exists, document non-exposure and close with routine monitoring.
Technical view
CVE-2008-6811 is an unrestricted file upload in image_processing.php in e-Commerce Plugin 3.4 and earlier for WordPress. The CVE description says attackers can upload files with executable extensions and access them directly under wp-content/plugins/wp-shopping-cart/, resulting in arbitrary code execution.
Likely exposure
Exposure is most likely on legacy WordPress sites still running e-Commerce Plugin 3.4 or earlier, especially where wp-content/plugins/wp-shopping-cart/ is web-accessible. Current exposure depends on plugin presence, version, and whether executable uploads remain reachable.
Exploitation context
A public Exploit-DB reference exists, so defenders should treat exploit knowledge as public. The provided sources do not show CISA KEV listing or active exploitation in the wild. The issue is old, but forgotten WordPress plugins are common persistence and compromise paths.
Researcher notes
The CVE record provides the core technical claim but lacks CVSS, CWE, authentication requirements, and patch metadata. Treat product naming carefully: the source describes “e-Commerce Plugin 3.4 and earlier for Wordpress” and the wp-shopping-cart path. Do not infer active exploitation from the Exploit-DB listing alone.
Mitigation direction
- Identify WordPress sites running e-Commerce Plugin 3.4 or earlier.
- Check vendor or maintainer guidance for the supported fixed version or migration path.
- Disable or remove the vulnerable plugin where it is no longer required.
- Block web execution from plugin upload/storage directories where operationally safe.
- Remove suspicious executable files from wp-content/plugins/wp-shopping-cart/ after preserving evidence.
Validation and detection
- Confirm whether image_processing.php exists in the wp-shopping-cart plugin directory.
- Verify the installed plugin version against the 3.4-and-earlier affected range.
- Inspect wp-content/plugins/wp-shopping-cart/ for unexpected executable files.
- Review web logs for direct requests to files in that plugin directory.
- After remediation, verify executable uploads cannot be reached or run from that path.
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupFile access behavior lookup
The CVE wording references file access or upload behavior, so file telemetry and web shell review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2008-6811 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- 31982CVE reference · vdb-entry, x_refsource_BID
- 6867CVE reference · exploit, x_refsource_EXPLOIT-DB
- wpecommerce-imageprocessing-file-upload(46224)CVE reference · vdb-entry, x_refsource_XF
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
