Security Flaw in WP eCommerce Plugin Allows Changing Purchase Information

  • 1 November 2014
Private info on WordPress sites can be accessed and modified
By Ionut Ilascu on November 1st, 2014
A vulnerability in the popular shopping cart plug-in WP eCommerce for the WordPress website publishing platform permits unauthorized modification of orders, making non-paid ones appear as paid, as well as extraction of confidential customer information.
The glitch consists in the fact that the “admin_init” hook can be called without authentication; this is similar to the vulnerability in the MailPoet plugin that was disclosed responsibly by Sucuri at the beginning of July and which was the cause of thousands of websites getting hacked by the end of the month.
Full Article
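
The class of flaw described above, shown as an added example that is not WP eCommerce's code or part of the article: a WordPress plugin handler on `admin_init` written without checks, beside a hardened form that verifies capability and a nonce first. The `myshop_*` names, the `myshop_action` and `order_id` parameters, the `_myshop_status` meta key and the choice of `manage_options` as the required capability are all hypothetical.

```php
<?php
/*
 * Plugin Name: MyShop admin_init example (hypothetical)
 *
 * admin_init also fires for requests to wp-admin/admin-ajax.php and
 * wp-admin/admin-post.php, which WordPress serves to logged-out visitors.
 * The hook running therefore says nothing about who sent the request.
 */

// Weak pattern: changes order state on request parameters alone.
function myshop_mark_paid_unsafe() {
    if ( isset( $_REQUEST['myshop_action'] ) && 'mark_paid' === $_REQUEST['myshop_action'] ) {
        myshop_set_order_status( absint( $_REQUEST['order_id'] ), 'paid' );
    }
}
// Deliberately not registered; shown only for comparison.
// add_action( 'admin_init', 'myshop_mark_paid_unsafe' );

// Hardened pattern: confirm identity and intent before any state change.
function myshop_mark_paid() {
    if ( ! isset( $_POST['myshop_action'] ) || 'mark_paid' !== $_POST['myshop_action'] ) {
        return; // Not our request; let WordPress continue.
    }

    // 1. Authorization: the caller must be logged in with the right capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to modify orders.', '', array( 'response' => 403 ) );
    }

    // 2. Intent: the request must carry a nonce issued for this action
    //    (check_admin_referer() terminates the request if it is missing or invalid).
    check_admin_referer( 'myshop_mark_paid', 'myshop_nonce' );

    // 3. Input: accept only a positive integer order id.
    $order_id = isset( $_POST['order_id'] ) ? absint( $_POST['order_id'] ) : 0;
    if ( $order_id > 0 ) {
        myshop_set_order_status( $order_id, 'paid' );
    }
}
add_action( 'admin_init', 'myshop_mark_paid' );

// Hypothetical storage helper: order status kept as post meta.
function myshop_set_order_status( $order_id, $status ) {
    update_post_meta( $order_id, '_myshop_status', sanitize_key( $status ) );
}
```

The matching admin form would emit the nonce with `wp_nonce_field( 'myshop_mark_paid', 'myshop_nonce' )`.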
