Do you use the popular WP eCommerce WordPress plugin? If so, you need to update it immediately.
Sucuri released a security advisory today concerning a new security issue in the plugin. This is a very dangerous vulnerability that could be used to gain access to your website and then modify private information on the site.
Sucuri’s blog states, “The vulnerability allows an attacker to export all user names, addresses and other confidential information of anyone that ever made a purchase through the plugin. It also allows an attacker to modify someone’s orders (e.g., non-paid to paid and vice versa). It was discovered and disclosed this week, and it was immediately patched by the WP eCommerce team. They also released the update 126.96.36.199 to fix this issue.”
If you are using WP eCommerce 188.8.131.52 or lower on your website, you are vulnerable to being hacked.
Sucuri added, “An attacker could perform administrative-related tasks without actually being authenticated as an administrator on the target website. Using this vulnerability, one could send a few requests to the website’s database, dumping all client personal information (including names, emails, addresses, etc…). It is also possible for someone to buy products and change the status of their transaction to Accepted Payment without actually making the payment.”
You can find the original post and additional information on the Sucuri website: http://goo.gl/jk7eV9