Posts Tagged ‘WP eCommerce plugin’

Wordpress VulnerabilitiesInformation leak and access control bypass in WordPress WP eCommerce Plugin

Exploitation of this vulnerability allows criminals to export all the user names, addresses and other confidential information of clients.

Experts of the company Sucuri found dangerous vulnerability in the plugin “WP eCommerce”, which allows attackers to easily access and edit personal information of users.

Exploitation of the vulnerability allows criminals to export all the user names, addresses and other confidential information of clients that ever made a purchase through the plugin. Also, attackers can change the status of the order (from non-paid to paid and vice versa). At the moment, the plugin developer has released a patched version of WP eCommerce 3.8.14.4. (more…)