WP eCommerce Plugin Vulnerability Fixed

Yesterday Sucuri reported a new vulnerability in WP eCommerce – a popular WordPress plugin for online stores. The vulnerability allows attackers to obtain private information from websites. All versions of the WP eCommerce extension before 3.8.14.4 are vulnerable, and attackers may export all user accounts, addresses and other information related to people who used your site and the plugin to purchase any products from your site.

We immediately wrote our own WAF security rules to block malicious requests that try to take advantage of this vulnerability. We performed extensive tests to make sure that regular requests will not be blocked. However, in some cases malicious requests cannot be differentiated from regular authorized requests, and some users may be blocked by our WAF even if they are the administrators of the site. We advise all site owners that use the WP eCommerce extension to upgrade it to the latest stable version, 3.8.14.4. If you’re using the WP eCommerce extension and you see an error that your request is blocked by our WAF, please post a support ticket via our HelpDesk and we will resolve the case for you.

Daniel Kanchev

Product and Technology Lead

Daniel is responsible for bringing new products to life at SiteGround. This involves handling all types of tasks and communication across multiple teams. Enthusiastic about technology, user experience, security and performance, you can never be bored hanging around him. Also an occasional conference speaker and travel addict.
