WordPress e-commerce plug-in puts over 5,000 websites at risk

TheCartPress, an e-commerce plug-in used on thousands of WordPress-based websites, has several high-risk vulnerabilities.

There are currently no fixes available for the flaws and, according to its developer, support for the plug-in will be discontinued on June 1st.

The vulnerabilities could allow attackers to “execute arbitrary PHP code, disclose sensitive data, and perform Cross-Site Scripting [XSS] attacks against users of WordPress installations with the vulnerable plug-in,” researchers from security firm High-Tech Bridge said in an advisory Wednesday.

There are factors that limit the exploitation of some of the flaws, but they still pose a significant risk.


Story added 30 April 2015.