The latest WordPress plugin vulnerability disclosed by Sucuri recently is in the WP eCommerce plugin that lets attackers access and modify private information on your site. It allows malicious users to export user data such as names, addresses, etc. It also lets attackers buy products on your site and change the status of the transaction to “paid” without actually making the payment. The vulnerability is present in versions 18.104.22.168 and lower. So if you’re running a vulnerable version of the plugin on your site, update to the patched version right away.