WP eCommerce Plugin has new security vulnerability!

Do you use the popular WP eCommerce WordPress plugin?  If so you need to update it immediately.

Sucuri released a security advisory today concerning this new security issue. This is a very dangerous vulnerability which could be used to gain access to your website and then modify private information in the site.

Sucuri’s blog states, “The vulnerability allows an attacker to export all user names, addresses and other confidential information of any one that ever made a purchase through the plugin. It also allows an attacker to modify someone’s orders (e.g., non-paid to paid and vice versa). It was discovered and disclosed this week, the development team immediately patched by the WP eCommerce team. They also released the update 3.8.14.4 to fix this issue.

If you are using WP eCommerce 3.8.14.3 or lower on your website, you are vulnerable to being hacked.

Sucuri added, ” An attacker could perform administrative-related tasks without actually being authenticated as an administrator on the target website. Using this vulnerability, one could send a few requests to the websites database, dumping all client personal information (including names, emails, addresses, etc…). It is also possible for someone to buy products and change the status of their transaction to Accepted Payment without actually making the payment.

You can find the original post and additional information on the Surci website, here is the link:  http://goo.gl/jk7eV9

 

 

 

 

Qlossal Media/QlossalMedia.com © 2010-2015 Frontier Theme
Optimization WordPress Plugins & Solutions by W3 EDGE