WP eCommerce 3.9.4

Today, we released WP eCommerce 3.9.4.  This is a security and maintenance release.  As such, we highly recommend updating your sites.  From our changelog, this release includes the following fixes:

  • Security Fix: Harden several instances of $_POST input that were not sanitized properly. Specifically, PayPal settings and Quick Edit fields for products.
  • Security Fix: Do not return visitor meta if WP eCommerce presumes a user to be a bot.
  • Enhancement: Provide a notice for users to repair their WP eCommerce tables if visitor and visitor meta tables are in need of repair. See #1901.
  • Fix: Notices on stats saving for products.

The primary fix addresses a circumstance in which user data could be exposed unintentionally.  If your visitor tables somehow became corrupted, our visitor meta API would think that all users were bots. As such, it would save user meta from humans (which, by the way, are not bots) to the same ID.  This would cause exposure of data from one human to another.  This is less than ideal.
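The failure mode described above, modelled in a few lines of PHP. This is an added illustration, not WP eCommerce's code: the VisitorStore class, its method names, the shared ID value and the sample visitors are all hypothetical.

```php
<?php
// Simplified model of the visitor meta bug; all names here are hypothetical.
// Assumption: every presumed bot is mapped to one shared visitor record.
const SHARED_BOT_ID = 1;

class VisitorStore {
    private array $meta = [];            // visitor_id => [ key => value ]
    private int $next_id = 2;
    public bool $tables_corrupt = false;

    // When the visitor table is corrupt no real visitor row can be created,
    // so every caller falls through to the "presumed bot" branch.
    public function resolve_visitor_id( string $user_agent ): int {
        $looks_like_bot = (bool) preg_match( '/bot|crawl|spider/i', $user_agent );
        if ( $looks_like_bot || $this->tables_corrupt ) {
            return SHARED_BOT_ID;
        }
        return $this->next_id++;
    }

    public function update_meta( int $id, string $key, string $value ): void {
        $this->meta[ $id ][ $key ] = $value;
    }

    // Before the fix: meta is returned for any ID, including the shared one.
    public function get_meta_unsafe( int $id, string $key ): ?string {
        return $this->meta[ $id ][ $key ] ?? null;
    }

    // After the fix, as the changelog words it: no meta for presumed bots.
    public function get_meta( int $id, string $key ): ?string {
        if ( SHARED_BOT_ID === $id ) {
            return null;
        }
        return $this->meta[ $id ][ $key ] ?? null;
    }
}

$store = new VisitorStore();
$store->tables_corrupt = true;           // constructed scenario
$alice = $store->resolve_visitor_id( 'Mozilla/5.0 (constructed browser A)' );
$bob   = $store->resolve_visitor_id( 'Mozilla/5.0 (constructed browser B)' );
$store->update_meta( $alice, 'billingaddress', '1 Example Street' );

var_dump( $alice === $bob );                                   // two humans, one ID
var_dump( $store->get_meta_unsafe( $bob, 'billingaddress' ) ); // B reads A's data
var_dump( $store->get_meta( $bob, 'billingaddress' ) );        // hardened read withholds it
```

The hardened read only stops the leak; the writes still collide on the shared ID until the tables are repaired.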

As part of this update, we've added a routine to check if the tables are corrupt and in need of repair.  If so, you should see a notice in your admin dashboard.  However, if that doesn't show up for any reason, you can define the WP_ALLOW_REPAIR constant in your wp-config.php file – or add "add_filter( 'wpsc_tables_need_repair', '__return_true' );" to your functions.php file in your theme.

Please update today 🙂

10 responses

Since the WordPress version was upgraded to 4.3, some of the plugin features did not work any more. To be more precise, the shipping calculator (which worked perfectly before the upgrade, and without any setup changes) does not show calculated amounts on the checkout page anymore, regardless of shipping calculation type. Also, some of the previously localized strings are back to the default (English) language. Although we can try to translate the reverted strings again, we would appreciate any help with the shipping cost calculation problem, since our clients at the moment are getting the wrong info when attempting to order our goods. Please, help!

Hi Deb,

Are you getting a specific error in your plugin area? You should be able to automatically update it the same way you update any plugin.

this has taken down my site!!!! HELP!!!!!!!!!!!!!!!!
Fatal error: WPSC_Countries::get_countries(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "WPSC_Data_Map" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in /home/content/p3nexnas06_data03/01/2186801/html/wp-content/plugins/wp-e-commerce/wpsc-includes/wpsc-countries.class.php on line 462

Fatal error: WPSC_Countries::_dirty(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "WPSC_Data_Map" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in /home/content/p3nexnas06_data03/01/2186801/html/wp-content/plugins/wp-e-commerce/wpsc-includes/wpsc-countries.class.php on line 1142

Don’t know if due to this update or something is wrong…… when I put a sales price next to the regular price at the product page nothing changes price wise, it still shows the old price and sales price as both the same, although it does state what the difference is between the regular price and the sales price BUT it shows the same price, not the discounted sales price, any idea please, thanks! Martin

Hi! I can't use 1on1 support! Even if I have a legal API key it says that it is insufficient!
I found a bug.
When I am logged in as an admin, the products page layout is like in my theme: all the buttons and fonts are from my theme, but when I log out, the products page changes to the getshopped default: all the grid view blocks are getshopped default and all the buttons and fonts too. I achieved this bug while testing a new premium store theme, but this bug happens even if I use the WordPress default theme. Please help!

Having two problems.
1. When I receive the sale report via email if they used the Manual Method for payment the email shows:
Payment Method: Manual Payment
If they select PayPal it shows:
Payment Method:

2. In the Store Sales area in the WP Dashboard area all of the sales show the Customer as “No name provided” but when you click on “No name provided” and go to the Sales Log Details page there is no contact info above but all of their contact shows up under Additional Checkout Fields.

When logged in I can get flat shipping to work. When I log out, I cannot get anything to check out and it asks for shipping location. “Sorry, online ordering is unavailable to this destination and/or weight. Please double check your destination details.” – See more at: http://rapunzelsonline.com/products/checkout/

I’ve updated everything, deactivated plugins, tried default themes… nothing fixes it. Help, customer is losing sales and need this resolved!
