WooCommerce Vulnerability Detected on July 13, 2021, a critical vulnerability concerning WooCommerce and the WooCommerce Blocks feature plugin was identified and responsibly disclosed by security researcher Josh, via Woo’s HackerOne security program.
Upon learning about the issue, the WooCommerce team immediately conducted a thorough investigation, audited all related code bases, and created a patch fix for every impacted version (90+ releases) which was deployed automatically to vulnerable stores.
I have a WooCommerce store – what actions should I take?
Automatic software updates are currently rolling out to all stores running impacted versions of each plugin – we still highly recommend you ensure that you’re using the latest versions of WooCommerce and WooCommerce Blocks (5.5.1).
To do this without causing issues, first update to the highest number possible in your release branch – this will ensure your website is no longer vulnerable.
For example: If your store is running WooCommerce 4.8, first update to WooCommerce 4.8.1 – the highest version number in that branch – before going ahead and updating to WooCommerce 5.5.1.
Following this, it’s always a good idea to keep up-to-date with the latest versions of WooCommerce. Take a look at our guide on how to update WooCommerce safely.
Has any data been compromised?
Woo’s investigation into this vulnerability and whether data has been compromised is ongoing. WooCommerce will be sharing more information with site owners on how to investigate this security vulnerability on their site, which they will publish on our blog when it is ready. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.
Is WooCommerce still safe to use?
Yes.
Incidents like this are uncommon, but do unfortunately sometimes happen. Woo’s intention is always to respond immediately and operate with complete transparency.
Since learning of the vulnerability, the WooCommerce team has worked around the clock to ensure that a fix has been put in place, and their users have been informed.
WooCommerce’s continued investment in platform security allows them to prevent the vast majority of issues – but in the rare cases that could potentially impact stores, they strive to fix quickly, communicate proactively, and work collaboratively with the WooCommerce Community.
WooCommerce Vulnerability Detected Full Details Below
Please visit the link below for the full statement from WooCommerce about this security issue and what you need to do next.
READ FULL WOOCOMMERCE OFFICIAL STATEMENT HERE