
Vulnerability found in WP eCommerce WordPress Plugin

Written by: Dan C, on 2014-10-31

According to Sucuri, if your website uses the WP eCommerce WordPress plugin, a very popular plugin judging by its 2.900.000 downloads, you should update it right away: it contains a dangerous vulnerability that could easily be used to access and modify private information on the website.

The vulnerability allows an attacker to access the user names, addresses and other private information of anyone who has ever used the plugin to make a purchase.

Any WordPress-based website running WP eCommerce version 3.8.14.3 (or lower) is at risk. An attacker could perform administrative tasks without actually being authenticated as an administrator on the target website. Using this vulnerability, one could send a few requests to the website's database, dumping all client personal information (including names, emails, addresses, etc.). It is also possible for someone to buy products and change the status of their transaction to Accepted Payment without actually making the payment.

If you use an affected version of this plugin, please update to the available patched version as soon as possible.
