WP eCommerce 3.11.4: Security Update

We’ve just released WP eCommerce 3.11.4.  This is a highly recommended update.

We were notified of a security vulnerability – a SQL injection vulnerability. It was responsibly disclosed by the plugins team at WordPress.org – we’re grateful for their disclosure and discretion.  We were notified yesterday, patched on GitHub within an hour of being notified, and pushed a release to WordPress.org this morning.

This vulnerability only affects users who use eWay as their payment gateway, have Gold Cart activated, and are using the as-of-yet-unreleased Theme Engine 2.0.  We believe the number of users affected is likely close to zero, due to these conditions – but still, we highly recommend updating.

Thanks again to our wonderful user community, our developer team, and the great folks at WordPress.org (thanks Mika!)