Critical vulnerability discovered in WooCommerce – Millions of online stores could be compromised

1

It was recently discovered, on July 13, 2021, a critical vulnerability in WooCommerce and plugin WooCommerce Blocks (Critical Vulnerability Detected in WooCommerce) which could affect millions of online stores from around the world, which were built on this platform.

The announcement was made by the staff WooCommerce (Automatic) on the official blog, and as was normal, no data was provided about the vulnerable files. It is anyway easy to see where code changes have been made, comparing the vulnerable versions with those updated a few hours ago, which contain a fixed security patch.

By exploiting this vulnerability, the attacker can take over absolutely all the content of the online store, including here: personal data of customers, order details, sales reports si order status, information and administrative privileges of the online store. Practically all data WooCommerce to which the "Shop Manager" has access.

What versions of WooCommerce are affected by this critical vulnerability?

All versions of WooCommerce si WooCommerce Blocks from 3.3 to 5.5. That means a huge number of versions, and the online stores that have them are not exempt from this vulnerability either WooCommerce updated to date.

We recommend update- the urgent to the latest version of WooCommerce (5.5.1), and if you use an older version, those from WooCommerce they created special fixed patch for each. In this way you will not be forced to make a major upgrade WooCommerce if you do not have the necessary time and resources at this moment.


For example, if you have an online store that you have installed WooCommerce 3.4.x, updatesecurity is WooCommerce 3.4.8. It is not mandatory to switch to WooCommerce 5.5.1, but it is highly recommended that you keep this in mind in the near future.

All versions with fixed security patch can be downloaded and updated manually from WooCommerce Core / Releases. Updated versions are dated "2021-07-14".

UpdateIt can also be made from DashboardPluginsWooCommerceUpdateor update automatically if you have this option set to WordPress.

We hope that the security breach was discovered in time and that most online store managers are in the process of updating the stores.

Critical Vulnerability Detected in WooCommerce - the investigation is still ongoing. At the moment, the impact of this vulnerability is not known, nor if the patch fix could affect anything in a negative way.

Passionate about technology, I enjoy writing on StealthSettings.com since 2006. I have a rich experience in operating systems: macOS, Windows, and Linux, as well as in programming languages and blogging platforms (WordPress) and for online stores (WooCommerce, Magento, PrestaShop).

Tutorials written by me.
AntiVirus & Security Internet WordPress
Critical Vulnerability Security WooCommerce WooCommerce Modules WordPress WordPress hacks
How to » WordPress » Critical vulnerability discovered in WooCommerce – Millions of online stores could be compromised

How to customize the Start in menu Windows 11 – Recently opened files, applications and folders

How to increase performance Windows 11 si Windows 10? Faster computer or laptop

1 thought on "Critical vulnerability discovered in WooCommerce – Millions of online stores could be compromised”

  1. Pingback: Vulnerability Microsoft Teams - Auth Tokens in cleartext (2022)
Leave a Comment

Stealth Settings

Windows

Windows 11

Windows 10

Windows 8 / 8.1

Windows 7

Windows Vista

Windows XP

Task Manager

how To

Microsoft 365 /Office

Microsoft 365 /Office

Excel

Word

PowerPoint

Outlook

Office 365 Productivity

Linux & Web Software

Nginx

Apache HTTP Server

PHP

SQL/MySQL

CentOS

Ubuntu

Web Hosting

WordPress & WooCommerce

Security & Antivirus

Awareness

Antivirus & Security

Malware

spyware

© 2024 Stealth Settings. IT tutorials and news.

Privacy policy | About Cookies | Contact | About us