When Development Flaws Kill Plugins: TheCartPress Story
- May 6, 2015
- Leave a comment
With the exception of SEO plugins, those that are eCommerce Centric are the most sought-after, popular entities on the market.
In the grand scheme of things, there really aren’t too many of them. Many premium WordPress themes will include built-in eCommerce functions as part of a package, but if you’re in favor of building your WP site from the ground up you’re often stuck with whatever semi-mediocre plugin is available to you.
Recently, TheCartPress, a popular eCommerce plugin, has been discovered as completely unsafe – unsafe to the extreme that the developers are dropping it entirely. RIP.
As a matter of fact, TheCartPress’s situation is particularly unique in that while the rest of the WP world is scrambling to safeguard their own vulnerable systems and plugins at a rapid degree, developer support for TCP will cease entirely on June 1st.
Researchers from security firm HighTech Bridge said these particular weaknesses could enable those with ill intent to,
“…execute arbitrary PHP code, disclose sensitive data, and perform Cross-Site Scripting [XSS] attacks against users of WordPress installations with the vulnerable plug-in…”
Though many who currently run the plugin on their own sites are likely concerned, what’s most frightening to experts is that they may maintain their utilization of it, allowing customer information to go unprotected without their knowledge. One of the most detrimental vulnerabilities in particular is a hacker’s ability to see what customers have purchased, including payment information.
The plugin is presently active on over 5,000 websites.
No word yet as to why exactly the developers behind TCP have chosen not to assist their downloaders or alleviate the problem in any way, but it seems that it’s simply not cost effective for them. In other words, it’s not worth the time.
This is a common problem when it comes to one-size-fits-all solutions, and though it’s not surprising, it is important to protect oneself from recurring issues such as these.
If you’re in search of a quality eCommerce plugin, we have expertise, development and options available and we’re happy to help.