WordPress Security: Vulnerability in WP eCommerce Plugin
This entry was posted in WordPress Security on October 31, 2014 by Mark Maunder
A serious vulnerability was announced within the last 24 hours in the WP eCommerce Plugin. The authors have released a fix and you are encouraged to update immediately. The fixed version is 184.108.40.206.
The vulnerability allows an attacker to export user names, addresses, and other private information. It also allows an attacker to modify orders.
We are receiving reports as of 11am Pacific Time that hosting companies (Bluehost specifically) are automatically updating this plugin to the newest version if they detect that you have it installed, but please don’t rely on this. Take action now to protect your site.
This is an extremely popular plugin with approximately 3 million downloads, so please spread the word about this vulnerability now and help keep the community safe.