[Plugin update] Product Importer Deluxe 3.8.1 for WooCommerce

Hi WooCommerce store owners, the 3.8.1 Plugin update is a urgent security Plugin update to patch a Cross-Site Scripting (XSS) vulnerability in Product Importer Deluxe.

Here’s the full changelog:

Fixed

  • Sanitize GET and POST form attributes (thanks for reporting)

Added

  • Image import support for ftp:// public links

Download the latest Plugin update from My Account, or via Dashboard > Updates within the WordPress Administration and for more information visit the Plugin detail page for Product Importer Deluxe.

[Plugin update] Store Exporter Deluxe 5.2.1 for WooCommerce

Hi WooCommerce store owners, the 5.2.1 Plugin release is a urgent security Plugin update to patch a Cross-Site Scripting (XSS) vulnerability in Store Exporter Deluxe.

Here’s the full changelog:

Fixed

  • Sanitize GET and POST form attributes (thanks for reporting)

Download the latest Plugin update from My Account, or via Dashboard > Updates within the WordPress Administration and for more information visit the Plugin detail page for Store Exporter Deluxe.

Urgent Plugin update for WP e-Commerce 3.8.6

Hi WPEC’ers, just echoing the urgent security announcement for WP e-Commerce over on GetShopped.org, the highlighted vulnerability within the Chronopay payment gateway allows an attacker to gain access to the WordPress database, this affects the latest 3.8 as well as legacy 3.7 releases making it absolutely critical to patch.

The GetShopped.org team have released a minor Plugin update for both the latest 3.8 and legacy 3.7 release, but if you’re like me and prefer to go in and make the change yourself here’s the walk through. Please note that the following assumes you don’t use the Chronopay payment gateway.

For WP e-Commerce 3.7 users

  1. Connect to your web server via FTP
  2. Open /wp-content/plugins/wp-e-commerce/merchants/
  3. Delete chronopay.php

For WP e-Commerce 3.8 users

  1. Connect to your web server via FTP
  2. Open /wp-content/plugins/wp-e-commerce/wpsc-merchants/
  3. Delete chronopay.php

That’s it!