RSS Feed     Twitter     Facebook
Getting Married
Read Detail
Live Demo
Buy Now
Persona – Responsive
Read Detail
Live Demo
Buy Now
Stand Responsive
Read Detail
Live Demo
Buy Now
Moments
Read Detail
Live Demo
Buy Now
Class-S
Read Detail
Live Demo
Buy Now

WPTavern: WP eCommerce 3.11.4 Patches SQL Injection Vulnerability

Font size:
  • SumoMe

Over the weekend, the WP eCommerce team released version 3.11.4 of its e-commerce plugin. The update patches an SQL injection vulnerability that was responsibly disclosed by Mika Epstein, a member of the WordPress.org plugin review team.

According to Justin Sainton, lead developer of WP eCommerce, the team was notified of the vulnerability on November 11th and patched within an hour. The update was available on WordPress.org the following day.

“This vulnerability only affects users who use eWay as their payment gateway, have Gold Cart activated, and are using the as-of-yet-unreleased Theme Engine 2.0,” Sainton said.

“We believe the number of users affected is likely close to zero, due to these conditions.”

Users are highly encouraged to update as soon as possible. Created in 2006, WP eCommerce is one of the oldest plugins in the directory and is actively installed on more than 40K sites.

Share with: Twitter Delicious Facebook Digg Stumbleupon Wordpress Googlebuzz Myspace Gmail Newsvine Favorites More
You can leave a response, or trackback from your own site.
Some More Popular News

Leave a Reply

 

Recent Search

TheTechjournal.com
Copyright© 2017 WPFire | All Right Reserved.