This vulnerability in WP EasyCart (<= 5.8.13) involves improper neutralization of special elements in SQL commands, enabling blind SQL injection attacks. An attacker with low privileges can exploit this remotely without user interaction, potentially compromising confidentiality of the database. The CVSS score is 8.5 (high), reflecting network attack vector, low attack complexity, and significant confidentiality impact with no integrity impact and low availability impact. No patch or official remediation guidance is currently documented.

Successful exploitation could allow an attacker to extract sensitive information from the database due to blind SQL injection, impacting confidentiality significantly. Integrity is not affected, and availability impact is low. The vulnerability requires low privileges but no user interaction, making it relatively accessible to attackers with some access.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the affected plugin and monitor for suspicious activity related to SQL injection attempts. Avoid granting unnecessary privileges to users interacting with WP EasyCart.