Today our blog post will be about a Vulnerability found in an older version of WooCommerce, as we want all our customer’s businesses to succeed. Having a potential security issue on an e-commerce platform is important, and if you are running a WooCommerce website for your company, this post is for you.
We’re reaching out to let you know that a critical vulnerability was identified in WooCommerce (versions 3.3 to 5.5) and the WooCommerce Blocks feature plugin (versions 2.5 to 5.5).
What actions should I take with my store?
They are currently working with the WordPress.org Plugin Team to automatically update as many stores as possible to secure versions of WooCommerce. But also urge you, however, to take the following added precautions to safeguard your site:
Update your copy of WooCommerce to the latest version (5.5.1) or the highest number possible in your release branch. If you are running the WooCommerce Blocks feature plugin, you’ll need to update it to the latest version (5.5.1).
What does this mean for my store?
Their investigation into this vulnerability is ongoing, but we wanted to inform you now about the importance of updating immediately to avoid any issue with your WooCommerce installation.
They will be sharing more information with site owners on how to investigate this security vulnerability on their site, which they will publish on their blog when it is ready. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.
What can I expect from WooCommerce in the future?
Our intention is always to respond immediately and operate with complete transparency. Since we discovered this vulnerability yesterday, the WooCommerce team has worked around the clock to investigate the issue, audit all related codebases, and release a patch for every impacted version (90+ releases).
If you have any other questions or need help to secure, fix or move your e-commerce platform, we’re here to help – Contact at UnderHost.com ->