More than 5,000 electronic commerce (eCommerce) websites running WordPress have been exposed by flaws in a plugin. Researchers at High-Tech Bridge have identified several vulnerabilities in TheCartPress, an eCommerce plugin installed on more than 5,000 WordPress websites. According to the researchers, the plugin contains security holes that can be exploited for cross-site scripting (XSS) attacks, arbitrary PHP code execution, and sensitive data disclosure.
Alerts
WordPress Security Updates
WordPress 4.2.1 has been released to address a cross-site scripting vulnerability. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website.
Users and administrators are encouraged to review the WordPress security release and apply the necessary updates.
WordPress Security Updates
WordPress 4.1.2 has been released to address multiple vulnerabilities, one of which could potentially allow a site to be compromised by a remote attacker. WordPress versions 4.1.1 and earlier are affected by the identified vulnerability.
Users and administrators are encouraged to review the WordPress security release and apply the necessary updates.
Mozilla Security Updates
The Mozilla Foundation has released Firefox 37.0.2 to address a vulnerability that may allow an attacker to take control of an affected system.
Users and administrators are encouraged to review the security advisories released by the Mozilla Foundation and apply the necessary updates.
Oracle Critical Patch Update Advisory for the month of April 2015
Oracle has released its Critical Patch Update for April 2015, which contains 98 new security fixes across multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
This update contains security fixes for Oracle:
(a) Database Server
(b) Fusion Middleware
(c) Enterprise Manager Grid Control
(d) E-Business Suite
(e) Supply Chain Products Suite
(f) PeopleSoft Products
(g) JD Edwards Products
(h) Siebel CRM
(i) Communications Applications
(j) Retail Applications
(k) Health Sciences Applications
(l) Java SE
(m) Sun Systems Products Suite
(n) MySQL
Users and administrators are encouraged to review the advisories and apply the necessary updates.