WP eCommerce is a WordPress plugin used by eCommerce websites to sell products online.
A medium-severity vulnerability was discovered in the WordPress WP eCommerce plugin. The vulnerability has been patched, and if you are using the plugin we encourage you to update at your earliest convenience.
The security issue was patched in version 220.127.116.11, now available in the WordPress repository.
What are the risks?
Any WordPress-based website running WP eCommerce version 18.104.22.168 (or lower) is at risk. An attacker could perform administrative tasks without being authenticated as an administrator on the target website. Using this vulnerability, one could send a few requests to the website's database, dumping all client personal information (including names, emails, addresses, etc…). It is also possible for someone to buy products and change the status of their transaction to Accepted Payment without actually making the payment.
If you are using Sucuri Website Firewall, you are protected against this vulnerability. If you use an affected version of this plugin, please update it as soon as possible.