Urgent Plugin update for WP e-Commerce 3.8.6

Posted on by

Hi WPEC’ers, just echoing the urgent security announcement for WP e-Commerce over on GetShopped.org, the highlighted vulnerability within the Chronopay payment gateway allows an attacker to gain access to the WordPress database, this affects the latest 3.8 as well as legacy 3.7 releases making it absolutely critical to patch.

The GetShopped.org team have released a minor Plugin update for both the latest 3.8 and legacy 3.7 release, but if you’re like me and prefer to go in and make the change yourself here’s the walk through. Please note that the following assumes you don’t use the Chronopay payment gateway.

For WP e-Commerce 3.7 users

  1. Connect to your web server via FTP
  2. Open /wp-content/plugins/wp-e-commerce/merchants/
  3. Delete chronopay.php

For WP e-Commerce 3.8 users

  1. Connect to your web server via FTP
  2. Open /wp-content/plugins/wp-e-commerce/wpsc-merchants/
  3. Delete chronopay.php

That’s it!

Leave a Comment

Before you comment - Do you have a support request? If so, this is not the right place to post it. Please submit support requests for Premium Plugins on the Support page and in the community Support Forums for free Plugins.

Your email address will not be published. Required fields are marked *