Tag: ecommerce
-
WP Plugin Security: WP Shopping Cart/WP eCommerce Security Holes
Another week, another security hole. This time I have found several holes in ajax-and-init.php from WP-eCommerce v3.7.4 aka WP Shopping Cart. It is the latest stable version. Let’s go. The first issue is an unrestricted file deletion security breach. Remote attackers can trick a logged in WP user to click prepared links that can make…