Critical vulnerability discovered in WooCommerce – Millions of online stores could be compromised

On July 13, 2021, a critical vulnerability was discovered in WooCommerce and in the WooCommerce Blocks plugin (Critical Vulnerability Detected in WooCommerce). It could affect millions of online stores around the world that were built on this platform.

The announcement was made by the WooCommerce team (Automattic) on the official blog and, as is normal, no details were provided about the vulnerable files. It is nevertheless easy to see where code changes were made by comparing the vulnerable versions with those updated a few hours ago, which contain the security patch.

By exploiting this vulnerability, an attacker can take over absolutely all the content of the online store, including customers' personal data, order details, sales reports and order status, and the information and administrative privileges of the online store. That is practically all WooCommerce data to which the "Shop Manager" has access.

What versions of WooCommerce are affected by this critical vulnerability?

All versions of WooCommerce and WooCommerce Blocks from 3.3 to 5.5. That is a huge number of versions, and even online stores that have kept WooCommerce up to date are not exempt from this vulnerability.

We recommend updating urgently to the latest version of WooCommerce (5.5.1). If you use an older version, the WooCommerce team has created a dedicated patched release for each one. This way you are not forced to do a major WooCommerce upgrade if you do not have the necessary time and resources at the moment.

For example, if your online store runs WooCommerce 3.4.x, the security update is WooCommerce 3.4.8. It is not mandatory to switch to WooCommerce 5.5.1, but it is highly recommended that you keep this in mind for the near future.

All versions with the security patch can be downloaded from WooCommerce Core / Releases and installed manually. The updated versions are dated "2021-07-14".

The update can also be made from Dashboard → Plugins → WooCommerce → Update, or it is applied automatically if you have this option enabled in WordPress.
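To check where a given store stands before updating, the sketch below (an added example, not code from WooCommerce or from this article's author) classifies a WooCommerce version using only what is stated above: the affected range 3.3 to 5.5 and the patched releases 3.4.8 and 5.5.1. The function name `woo_triage` and the sample versions are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a WooCommerce version against the article's statements.
# Affected range: 3.3 to 5.5. Patched releases named in the article: 3.4.8, 5.5.1.

woo_triage() {
    ver=$1
    # Accept only dotted numeric versions (validated before word splitting).
    case "$ver" in
        ''|*[!0-9.]*) echo "invalid version"; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    branch=$((major * 1000 + minor))   # 3.4 -> 3004, 5.5 -> 5005

    if [ "$branch" -lt 3003 ] || [ "$branch" -gt 5005 ]; then
        echo "outside affected range"
        return 0
    fi
    case "$major.$minor" in
        3.4) fixed_patch=8 ;;
        5.5) fixed_patch=1 ;;
        *)   # The article does not list the patched release for this branch.
             echo "affected branch: install the $major.$minor.x release dated 2021-07-14"
             return 0 ;;
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then
        echo "patched"
    else
        echo "vulnerable: update to $major.$minor.$fixed_patch"
    fi
}

# Constructed sample versions. On a live site with WP-CLI installed (assumption):
#   woo_triage "$(wp plugin get woocommerce --field=version)"
for v in 3.2.6 3.4.2 3.4.8 4.8.0 5.5 5.5.1; do
    printf '%-6s %s\n' "$v" "$(woo_triage "$v")"
done
```

For branches other than 3.4 and 5.5 the script only reports that the branch is affected, because the patched release number for those branches has to be read from the WooCommerce releases page.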

We hope that the security breach was discovered in time and that most online store managers are in the process of updating their stores.

Critical Vulnerability Detected in WooCommerce - the investigation is still ongoing. At the moment, the impact of this vulnerability is not known, nor whether the patch could have any negative effects.

Passionate about technology, I enjoy writing on StealthSettings.com since 2006. I have a rich experience in operating systems: macOS, Windows, and Linux, as well as in programming languages and blogging platforms (WordPress) and for online stores (WooCommerce, Magento, PrestaShop).
