Title: WARNING: Exploit found in this plugin!
Last modified: October 10, 2017

---

# WARNING: Exploit found in this plugin!

 *  [yachtfocus](https://wordpress.org/support/users/yachtfocus/)
 * (@yachtfocus)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/warning-exploit-found-in-this-plugin/)
 * WARNING: when checking raw access logs on my server, I discover that hackers 
   try to access a file of this plugin.
 * With this exploit they can access the passwd file of your server. /etc/passwd
   file stores essential information, which is required during login i.e. user account
   information. /etc/passwd is a text file, which contains a list of the system’s
   accounts, giving for each account some useful information like user ID, group
   ID, home directory, shell, etc.
 * RAW access information:
    142.44.207.70 – – [10/Oct/2017:15:47:51 +0200] “GET /
   wp-content/plugins/wp-ecommerce-shop-styling/XXX-REMOVEDTHISFORSECURITY-XX/FILE?
   filename=../../../../../../../../../etc/passwd HTTP/1.1” 404 11262 “-” “Mozilla/
   5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75
   Safari/537.36 OPR/36.0.2130.32”
 * Please note: Made some changes so that this exploit is not publicy visible.
 * Questions? Please reply below.
    -  This topic was modified 8 years, 8 months ago by [yachtfocus](https://wordpress.org/support/users/yachtfocus/).
    -  This topic was modified 8 years, 8 months ago by [yachtfocus](https://wordpress.org/support/users/yachtfocus/).

Viewing 1 replies (of 1 total)

 *  Plugin Author [Hannes Etzelstorfer](https://wordpress.org/support/users/haet/)
 * (@haet)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/warning-exploit-found-in-this-plugin/#post-9573661)
 * Sorry this plugin is not supported anymore. I already requested to delete it 
   from plugin repository.

Viewing 1 replies (of 1 total)

The topic ‘WARNING: Exploit found in this plugin!’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wp-ecommerce-shop-styling_7c7a77.
   svg)
 * [WP e-Commerce Shop Styling](https://wordpress.org/plugins/wp-ecommerce-shop-styling/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-ecommerce-shop-styling/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-ecommerce-shop-styling/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-ecommerce-shop-styling/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-ecommerce-shop-styling/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-ecommerce-shop-styling/reviews/)

## Tags

 * [exploit](https://wordpress.org/support/topic-tag/exploit/)

 * 1 reply
 * 2 participants
 * Last reply from: [Hannes Etzelstorfer](https://wordpress.org/support/users/haet/)
 * Last activity: [8 years, 8 months ago](https://wordpress.org/support/topic/warning-exploit-found-in-this-plugin/#post-9573661)
 * Status: not a support question