WP eCommerce Plugin Vulnerability Fixed

bash

Yesterday Sucuri reported a new vulnerability in WP eCommerce - a popular WordPress plugin for online stores. The vulnerability allows attackers to obtain private information from websites. All versions of the WP eCommerce extension before 3.8.14.4 are vulnerable and attackers may export all user accounts, addresses and other information related to people, who used your site and the plugin to purchase any products from your site.

We immediately wrote our own WAF security rules to block malicious requests that try to take advantage of this vulnerability. We performed extensive tests to make sure that regular requests will not be blocked. However, in some cases malicious requests cannot be differentiated from regular authorized requests and some users may be blocked by our WAF even if they are the administrators of the site. We advise all site owners that use the WP eCommerce extension to upgrade it to the latest stable version 3.8.14.4. If you’re using the WP eCommerce extension and you see an error that your request is blocked by our WAF please post a support ticket via our HelpDesk and we will resolve the case for you.

Enterprise Cloud Solutions Architect

My challenging job is closely related to all kinds of Free and Open-Source Software products (some of my favorites are WordPress, Joomla!, Magento, Varnish and Apache mod_security). As a Web security and performance freak I am always hyper focused on solving all kinds of issues and improving our services.

Reply

* (Required)