WP e-Commerce 3.8.7.5 security release

Hi everyone!

First of all, happy new year! 2012 will be a very exciting year for WPEC users. Some big stuff is coming up for this year, but that’s for another post (we prefer to show you rather than to tell you ;) It’s going to be a pleasant surprise for sure).

Anyways, our friend Alain Schneider helped us plug a Cross Site Scripting (XSS) security hole that’s affecting all 3.8.x and 3.7.8.x installations. The severity of this issue is moderate, so we highly recommend that you upgrade to 3.8.7.5 and 3.7.8.3 respectively (by “highly recommend”, we really mean we’re begging you to upgrade; security issues are no trivial stuff!).

We would also like to thank White Fir Design for organizing the WordPress Security Bug Bounty Program. Most of our recent security fixes came out of that program, and we can’t say enough how grateful we are! It’s impressive that a company is willing to go that far to improve the quality of WordPress open source plugins. But it’s also shocking that such a program is not heavily promoted and talked about by the WordPress community. If you’re interested, head over there and participate!

How to upgrade

For 3.8.x users, you can use WordPress’ automatic upgrade feature. Or you can download the package manually, extract it and upload to wp-content/plugins.

For 3.7.8.x users, do not use automatic upgrade. Instead, download the 3.7.8.3 package here, extract it and upload to wp-content/plugins. It’s important to note that we no longer officially support 3.7.8. We recommend that you upgrade to the latest 3.8.x to enjoy all the new features and bug fixes.

We don’t want to sound like a broken record, but please back up your database and files before upgrading, just in case. In fact, you should not only do this with WP e-Commerce updates, but also with WordPress core or any other plugins’ updates.


8 Responses to WP e-Commerce 3.8.7.5 security release


  1. jamie January 8, 2012 at 3:38 am

    Hi, we are still having problems setting up the Google Checkout and would very much like someone to contact us in order to deal with this situation.

    • Maxcar March 7, 2012 at 7:03 am

      The last 24 hours have been absolutely mad! 1. I make an instant decision that I’ve been spending enough time with my blog lately and will hold off upgrading to WP 2.6. 2. But… why not print out the upgrade notes for some “light” reading in the evening! Done. 3. After dinner, read upgrade notes and start going through the upgrade steps in my mind. 4. A little more reading and a plan is born! 5. By 10:00pm my decision to hold off with the upgrade goes out the window and I sit down at my laptop, make a connection to the net and start getting that tingling feeling inside. On the one hand nervous as one is before any upgrade yet excited at the prospect of being able to use some of the new features of WP 2.6. Haha your post made me laugh, I can so imagine what you’re going through I live under the hood BTW, my whole site is powered by WP 2.6 Nice writing!

  2. citrine January 8, 2012 at 8:11 pm

    I can’t seem to change the size of the single product image in the new release: http://www.honeycomb-events.com/shop/product-category/test-2/

    For some reason it won’t update to a smaller size when I change it in the presentation settings. Is this a bug or just me? :S

  3. citrine January 8, 2012 at 9:06 pm

    It was just me… no worries

  4. SemoTech January 9, 2012 at 7:51 am

    There is an issue with WPEC whereby the price of “Related Products” shows up as “$0” instead of the actual price. The issue was traced to the “product-template.php” file in /wp-e-commerce/wpsc-includes

    Here is the fix:

    ———————–
    In file /wp-e-commerce/wpsc-includes/product-template.php

    on line 411

    This line was replaced:

    if ( ! empty( $wpsc_variations->first_variations ) ) {

    With This:

    if ( ! empty( $wpsc_variations->first_variations ) && $wpsc_variations->variation_count > 0 ) {

    In order to return the correct price for Related Items instead of $0
    ———————–

    Kindly incorporate this fix in the next release.

    Thank you.

  5. wendyn January 9, 2012 at 1:52 pm

    I upgraded WP e-Commerce but I’m still showing that my Gold Cart plugin needs to be updated. The upgrade link takes me to this page and I don’t see anywhere where I can upgrade my Gold Cart plugin.
    Could you please post the link to that upgrade please?

    Thanks!

    • Marc January 13, 2012 at 8:36 am

      Wendyn,

      Did you find an answer to this? I’m having the same issue.

      Thank you!

      • Evangielyn March 6, 2012 at 10:38 am

        While my site is only about 1 month old and yet to be updated for its new design, I have 8 plugins installed. I am very detailed oriented in my day to day dealings so no problem with the desire to just randomly install things and left them alone. My motto use it or lose it! For an SEO plug, I have been experimenting with Greg’s High Performance SEO as it has a ton of options and is quite advanced. Just haven’t gotten it all configured as I want yet. Thanks for the post. You have some good stuff on this blog.