
WordPress e-commerce plug-in puts over 5,000 websites at risk

Discussion in 'Network World' started by RSS, Apr 30, 2015.

  1. RSS


    TheCartPress, an e-commerce plug-in used on thousands of WordPress-based websites, has several high-risk vulnerabilities.

    There are currently no fixes available for the flaws and, according to its developer, support for the plug-in will be discontinued on June 1st.

    The vulnerabilities could allow attackers to “execute arbitrary PHP code, disclose sensitive data, and perform Cross-Site Scripting [XSS] attacks against users of WordPress installations with the vulnerable plug-in,” researchers from security firm High-Tech Bridge said in an advisory Wednesday.

    There are factors that limit the exploitation of some of the flaws, but they still pose a significant risk.

