Monday, November 12, 2012

Vulnerabilities in WP E-Commerce plugin for WordPress

DefenseCode released Security Advisory DC-2012-11-001 to address issues affecting the WP E-Commerce plugin for WordPress, which has more than 2 million downloads and is one of the most popular for WordPress. The advisory covers multiple vulnerabilities that were discovered during a security audit of the plugin. All of the vulnerabilities were discovered using DefenseCode's ThunderScan PHP, a web application source code security analyzer. The bugs found by ThunderScan are high-risk SQL injection and cross-site scripting vulnerabilities, which an attacker can use to compromise the targeted system. DefenseCode has contacted the vendor, and the vulnerabilities are fixed in the latest WP e-Commerce release (

You can find more details about the advisory here.

Soon, we’ll release a lot more vulnerabilities discovered by our ThunderScan software. Also, we’ll release a few interesting 0day vulnerabilities not related to web applications, so make sure that you’re subscribed to our RSS feed.


