Cyber threats 2014: Dangerous vulnerability found in WordPress WP eCommerce plugin

Posted: November 1, 2014 in Vulnerabilities

Information leak and access control bypass in the WordPress WP eCommerce plugin

Exploitation of this vulnerability allows criminals to export all the user names, addresses and other confidential information of clients.

Researchers at Sucuri found a dangerous vulnerability in the "WP eCommerce" plugin that allows attackers to easily access and edit users' personal information.

Exploitation of the vulnerability allows criminals to export the user names, addresses and other confidential information of every client who has ever made a purchase through the plugin. Attackers can also change an order's status (from unpaid to paid and vice versa). The plugin developer has already released a patched version, WP eCommerce 3.8.14.4.

All WordPress-based websites using WP eCommerce 3.8.14.3 or later are at risk. This flaw lets criminals bypass authentication with administrator-level rights and, by sending multiple queries to the site's database, compromise clients' personal information (including names, physical addresses and email addresses). Third parties can also obtain goods by changing the transaction status to "accepted payment" without making the actual payment.

Sucuri's researchers strongly recommend that all users upgrade to the current version of the plugin.

WP eCommerce

Vulnerability: Security Bypass in WordPress WP eCommerce Plugin

Danger level: Medium Severity
Availability of fixes: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:O/RC:C) = Base: 7.5 / Temporal: 5.5
CVE ID: No Information
Vector of operation: Remote
Impact: Disclosure of sensitive data, Security Bypass

Affected products: WordPress WP eCommerce Plugin 3.x
Affected versions: WordPress WP eCommerce versions before 3.8.14.4

Description:
This vulnerability is similar to the MailPoet one disclosed a few weeks ago: it allows a remote user to bypass security restrictions and gain access to important data.

The vulnerability is due to an error in the authentication mechanism used when processing requests to the script "/wp-admin/admin-post.php". A remote user can bypass that authentication mechanism and gain access to confidential data.
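To illustrate the class of weakness the description points at (a plugin action reachable through admin-post.php without a proper authentication or capability check), here is an added example of a weak handler beside a hardened one. It is constructed for this post and is not WP eCommerce's code; the action names, the `example_` functions, the sample CSV and the choice of the `manage_options` capability are assumptions.

```php
<?php
/*
 * Constructed example of two admin-post.php handlers in a WordPress plugin.
 * Not WP eCommerce code; all example_* names and the CSV content are hypothetical.
 */

// Hypothetical helper standing in for a real customer export (constructed data).
function example_build_customer_csv() {
    return "name,address,email\nJane Doe,1 Sample St,jane@example.invalid\n";
}

// WEAK PATTERN: the export is hooked for anonymous requests too
// (admin_post_nopriv_) and the handler checks neither capability nor nonce,
// so any visitor reaching admin-post.php?action=example_export_weak is served
// the export. This is the shape of flaw the advisory describes.
add_action( 'admin_post_example_export_weak',        'example_export_customers_weak' );
add_action( 'admin_post_nopriv_example_export_weak', 'example_export_customers_weak' );

function example_export_customers_weak() {
    header( 'Content-Type: text/csv' );
    echo example_build_customer_csv();
    exit;
}

// HARDENED PATTERN: hook only the logged-in variant (no nopriv handler, so
// anonymous requests to admin-post.php trigger nothing), require the capability
// the operation needs, and verify a nonce so the request must come from the
// plugin's own admin page rather than a forged link.
add_action( 'admin_post_example_export_customers', 'example_export_customers_safe' );

function example_export_customers_safe() {
    // Capability check: only shop administrators may export customer data.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Nonce check: dies with a 403 if the nonce is missing or invalid.
    check_admin_referer( 'example_export_customers' );

    header( 'Content-Type: text/csv' );
    header( 'Content-Disposition: attachment; filename="customers.csv"' );
    echo example_build_customer_csv();
    exit;
}

// Builds the export link on the admin page so that it carries the nonce the
// hardened handler verifies.
function example_export_link() {
    $url = add_query_arg( 'action', 'example_export_customers', admin_url( 'admin-post.php' ) );
    return wp_nonce_url( $url, 'example_export_customers' );
}
```

The same two checks (capability plus nonce) apply to any state-changing action such as updating an order's payment status, which the post lists as the second impact.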

Solution: Install the latest version, 3.8.14.4, from the vendor.

References:
https://github.com/wp-e-commerce/WP-e-Commerce/commit/390c2ecc68027fbf21fb5d99a556d88c7bd8c05b


Vendor URL:
https://wordpress.org/plugins/wp-e-commerce/
