Last night I was browsing a few different sites that run the Easy Digital Downloads plugin to check how they’ve implemented the checkout design within their site, for example whether they’ve customized the design or just stuck with the default checkout design (we’ve completely re-designed our checkout using the plugin). While I was doing that I found a pretty huge critical security flaw which gave me admin access to the site I was visiting. I couldn’t quite believe it!
Where’s the PANIC! Button?
I immediately contacted Pippin via Twitter and iMessage (interrupting his Valentine’s evening 😉) and showed him what I discovered. He couldn’t quite believe it either and, with help from Samuel Wood (aka Otto), was able to patch the issue within 30 minutes of finding the bug and submitted the patch to the WordPress repository, which then fixed the issue.
I just want to thank Pippin for being so responsive and for being able to address critical security issues in a very timely manner.
Make Sure You Update!
In some of our themes we’ve integrated Easy Digital Downloads within the theme, for example the “Photostore” theme. If you’re using this theme with the plugin I’d recommend upgrading the plugin to fix the issue. Running a site without the latest versions of its plugins, or even of WordPress itself, is a sure way to get your site compromised.
Security Code Audit
Last night we chatted with Dre Armeda over at Sucuri Security regarding the issue with the plugin and he was able to provide some great advice. Both Pippin and I think it would be very beneficial for the plugin to get a full security code audit by their team. Hopefully in the very near future we can see that happen.
184.108.40.206 Now Available For Download
Get the latest update of the plugin via your WordPress dashboard in the Updates Tab, or download it directly from the WordPress repository.