WordPress Plugin Vulnerabilities

WP eCommerce <= 3.8.14.3 - Authorisation Bypass

Description

The WP eCommerce WordPress plugin was affected by an Authorisation Bypass security vulnerability.

Affects Plugins

Plugin icon
wp-e-commerce
Fixed in 3.8.14.4

References

URL
https://blog.sucuri.net/2014/10/security-advisory-medium-severity-wp-ecommerce-wordpress-plugin.html
URL
https://github.com/wp-e-commerce/WP-e-Commerce/commit/390c2ecc68027fbf21fb5d99a556d88c7bd8c05b

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
648da865-5b7e-4ca8-8252-18ae54dab7e5

Timeline

Publicly Published
2014-11-01 (about 11 years ago)
Added
2014-11-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-10-15
Title
Nextend Social Login Pro < 3.1.15 - Authentication Bypass
Published
2021-02-02
Title
MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
Published
2025-03-13
Title
Civi <= 2.1.4 - Authentication Bypass via Password Update
Published
2024-08-09
Title
WooCommerce - Social Login < 2.7.6 - Authentication Bypass to Account Takeover
Published
2024-07-11
Title
MStore API – Create Native Android & iOS Apps On The Cloud < 4.15.0 - Authentication Bypass