Critical vulnerability discovered in WooCommerce - Millions of online stores could be compromised

On July 13, 2021, a critical vulnerability was discovered in WooCommerce and the WooCommerce Blocks plugin (Critical Vulnerability Detected in WooCommerce). It could affect millions of online stores around the world that were built on this platform.

The announcement was made by the WooCommerce (Automattic) staff on the official blog and, as is normal, it gave no details about the vulnerable files. It is nevertheless easy to see where the code was changed by comparing the vulnerable versions with those released a few hours ago, which contain the security fix.

By exploiting this vulnerability, an attacker can take over absolutely all the content of the online store, including customers' personal data, order details, sales reports and order status, and the information and administrative privileges of the online store. That is virtually all WooCommerce data that a "Shop Manager" has access to.

What versions of WooCommerce are affected by this critical vulnerability?

All versions of WooCommerce and WooCommerce Blocks from 3.3 to 5.5. That is a huge number of versions, and even online stores that have updated WooCommerce are not exempt from this vulnerability.

We recommend updating urgently to the latest version of WooCommerce (5.5.1). If you use an older version, WooCommerce has created a dedicated patched release for each one. This way you are not forced to make a major WooCommerce upgrade if you do not have the necessary time and resources right now.


For example, if you have an online store where you have WooCommerce 3.4.x installed, the security update is WooCommerce 3.4.8. It is not mandatory to switch to WooCommerce 5.5.1, but it is highly recommended that you keep this in mind in the near future.

All versions that include the security patch can be downloaded from WooCommerce Core / Releases and installed manually. The updated versions are dated "2021-07-14".

The update can also be done from Dashboard → Plugins → WooCommerce → Update, or automatically if you have this option set in WordPress.
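To decide which stores need attention first, the check below classifies an installed WooCommerce version against the affected range and the two fixed releases named in this article. It is an added example, not WooCommerce's own tooling; the function names `ver_num` and `woo_status` are hypothetical, and the use of WP-CLI in the final comment is an assumption about your server.

```shell
#!/bin/sh
# Added example. Encodes only what the article states: affected range
# 3.3 to 5.5, fixed releases 3.4.8 (for 3.4.x) and 5.5.1 (latest).

# ver_num X.Y[.Z] -> integer usable with -lt / -ge (3.4.8 -> 30408)
ver_num() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
}

# woo_status VERSION -> prints one status token for the installed version
woo_status() {
    v=${1%%[-+]*}                       # ignore suffixes such as -rc.1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo "invalid"; return 0 ;;
    esac
    n=$(ver_num "$v")
    if [ "$n" -lt "$(ver_num 3.3)" ]; then
        echo "not-in-affected-range"
    elif [ "$n" -ge "$(ver_num 5.5.1)" ]; then
        echo "patched"
    elif [ "$n" -ge "$(ver_num 3.4)" ] && [ "$n" -lt "$(ver_num 3.5)" ]; then
        # 3.4.x branch: the article names 3.4.8 as the security update
        if [ "$n" -ge "$(ver_num 3.4.8)" ]; then
            echo "patched"
        else
            echo "vulnerable fix=3.4.8"
        fi
    elif [ "$n" -ge "$(ver_num 5.5)" ]; then
        echo "vulnerable fix=5.5.1"
    else
        # Other branches: the article gives no number. Compare with the
        # release dated 2021-07-14 for this branch before trusting it.
        echo "check-branch-release"
    fi
}

# Typical use on a server with WP-CLI installed (assumption):
#   woo_status "$(wp plugin get woocommerce --field=version)"
```

A `check-branch-release` result means the version is inside the affected range but this article does not state the fixed number for that branch, so it has to be read from the Releases page.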

We hope that the security breach was discovered in time and that most online store managers are in the process of updating the stores.

Critical Vulnerability Detected in WooCommerce - The investigation is still ongoing. At the moment, the impact of this vulnerability is not known, nor is it known whether the patch could negatively affect anything.

Passionate about technology, I like to test and write tutorials about the macOS, Linux and Windows operating systems, about WordPress, WooCommerce and LEMP web server configuration (Linux, NGINX, MySQL and PHP). I have been writing on StealthSettings.com since 2006, and a few years later I started writing on iHowTo.Tips tutorials and news about devices in the Apple ecosystem: iPhone, iPad, Apple Watch, HomePod, iMac, MacBook, AirPods and accessories.
