Critical vulnerability discovered in WooCommerce - Millions of online stores could be compromised

On July 13, 2021, a critical vulnerability was discovered in WooCommerce and the WooCommerce Blocks plugin (Critical Vulnerability Detected in WooCommerce). It could affect millions of online stores around the world that are built on this platform.

The announcement was made by the WooCommerce (Automattic) staff on the official blog and, as is normal, no details were provided about the vulnerable files. It is nevertheless easy to see where the code changed by comparing the vulnerable versions with the ones updated a few hours ago, which contain the security fixes.

By exploiting this vulnerability, an attacker can take over absolutely all the content of the online store, including customers' personal data, order details, sales reports and order status, and the store's administrative information and privileges. Virtually all WooCommerce data that a "Shop Manager" has access to.

What versions of WooCommerce are affected by this critical vulnerability?

All versions of WooCommerce and WooCommerce Blocks from 3.3 to 5.5 are affected. That is a huge number of versions, and online stores that had already updated WooCommerce to a recent release in that range are not exempt from this vulnerability.

We recommend an urgent update to the latest version of WooCommerce (5.5.1). If you use an older version, WooCommerce has created a dedicated patched release for each one. This way you are not forced to make a major WooCommerce upgrade if you do not have the necessary time and resources right now.

For example, if you have an online store that has WooCommerce 3.4.x installed, the security update is WooCommerce 3.4.8. It is not mandatory to switch to WooCommerce 5.5.1, but it is highly recommended that you plan for it in the near future.
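The per-branch rule above can be applied to an inventory of stores. The following Python code is an added example, not code from WooCommerce or from the original article; it covers the WooCommerce core plugin only, lists only the two patched releases the article names (5.5.1 and 3.4.8), and the host names and version strings are constructed sample data.

```python
import re

# Affected minor branches, as stated in the article: 3.3 through 5.5.
AFFECTED_MIN = (3, 3)
AFFECTED_MAX = (5, 5)

# Patched release per minor branch. Only the two releases named in the
# article are listed; other branches are reported for manual lookup on the
# WooCommerce releases page instead of being guessed.
PATCHED = {
    (5, 5): (5, 5, 1),
    (3, 4): (3, 4, 8),
}

def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z'; any trailing suffix is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(version_text):
    """Return (status, fixed_release_or_None) for one installed version."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch < AFFECTED_MIN or branch > AFFECTED_MAX:
        return ("outside-range", None)
    fixed = PATCHED.get(branch)
    if fixed is None:
        # In the affected range, but the article does not name the fix.
        return ("check-releases", None)
    if (major, minor, patch) >= fixed:
        return ("patched", None)
    return ("vulnerable", ".".join(str(n) for n in fixed))

def audit(inventory):
    """Map each store to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory. On a real host the version could be read
# with WP-CLI: wp plugin get woocommerce --field=version
SAMPLE = {
    "shop-a.example": "5.5.0",
    "shop-b.example": "3.4.7",
    "shop-c.example": "3.4.8",
    "shop-d.example": "4.2.0",
}

if __name__ == "__main__":
    for host, (status, fix) in audit(SAMPLE).items():
        print(f"{host}: {status}" + (f" -> update to {fix}" if fix else ""))
```

A `check-releases` result means the branch is inside the affected range and its patched release has to be looked up among the releases dated "2021-07-14".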

All versions containing the security patch can be downloaded and updated manually from WooCommerce Core / Releases. Updated versions are dated "2021-07-14".

The update can also be made from Dashboard → Plugins → WooCommerce → Update, or automatically if you have this option set in WordPress.

We hope that the security breach was discovered in time and that the majority of online store administrators are in the process of updating their stores.

Critical Vulnerability Detected in WooCommerce - The investigation is still ongoing. At the moment, the impact of this vulnerability is not known, nor whether the patch could negatively affect anything.
