The WP eCommerce WordPress Plugin, with the record of over 2.9 million downloads, has been recently reported for a serious vulnerability found in it. The vulnerability can possibly lead to some users’ information leakage issues. If you have installed this plugin to your WordPress website, please update it to 18.104.22.168 version. And, make sure you perform a full site backup before updating the plugin.
What Exactly is the Problem?
Malicious attackers could use this vulnerability to get access and modify private information in the site that uses this plugin. For example, the vulnerability allows a malicious attacker to export all the user names and other confidential information of anyone that has previously made a purchase through the plugin. Furthermore, the attacker could also run administrative-related tasks without being authenticated as the administrator of the affected website. To learn more about this vulnerability, you can click this link to visit Sucuri, the online firm that offers website scanning, monitoring, and malware removal services.