Urgent Plugin update for WP e-Commerce 3.8.6

Hi WPEC’ers, just echoing the urgent security announcement for WP e-Commerce over on GetShopped.org, the highlighted vulnerability within the Chronopay payment gateway allows an attacker to gain access to the WordPress database, this affects the latest 3.8 as well as legacy 3.7 releases making it absolutely critical to patch.

The GetShopped.org team have released a minor Plugin update for both the latest 3.8 and legacy 3.7 release, but if you’re like me and prefer to go in and make the change yourself here’s the walk through. Please note that the following assumes you don’t use the Chronopay payment gateway.

For WP e-Commerce 3.7 users

  1. Connect to your web server via FTP
  2. Open /wp-content/plugins/wp-e-commerce/merchants/
  3. Delete chronopay.php

For WP e-Commerce 3.8 users

  1. Connect to your web server via FTP
  2. Open /wp-content/plugins/wp-e-commerce/wpsc-merchants/
  3. Delete chronopay.php

That’s it!