Monday, November 12, 2012

Vulnerabilities in WP E-Commerce plugin for WordPress

DefenseCode released Security Advisory DC-2012-11-001 to address an issue that affects the WP E-Commerce plugin for WordPress, which has more than 2 million downloads and is one of the most popular WordPress plugins. The advisory covers multiple vulnerabilities that were discovered during a security audit of the plugin. All of the vulnerabilities were discovered using DefenseCode's ThunderScan PHP, a web application source code security analyzer. The bugs found by ThunderScan are high-risk SQL injection and cross-site scripting vulnerabilities, which an attacker can use to compromise the targeted system. DefenseCode has contacted the vendor and the vulnerabilities are fixed in the latest WP e-Commerce release (

You can find more details about the advisory here.

Soon, we’ll release a lot more vulnerabilities discovered by our ThunderScan software. Also, we’ll release a few interesting 0day vulnerabilities not related to web applications, so make sure that you’re subscribed to our RSS feed.


