Critical Vulnerability Detected in WooCommerce – What You Need to Know

On July 13, 2021, a critical vulnerability concerning WooCommerce and the WooCommerce Blocks feature plugin was identified.

Upon learning about the issue, their team immediately conducted a thorough investigation, audited all related codebases, and created a patch fix for every impacted version (90+ releases) which was deployed automatically to vulnerable stores.

I have a WooCommerce store – what actions should I take?

Automatic software updates are currently rolling out to all stores running impacted versions of each plugin – I still highly recommend you ensure that you’re using the latest versions of WooCommerce and WooCommerce Blocks (5.5.1).

To do this without causing issues, first update to the highest number possible in your release branch – this will ensure your website is no longer vulnerable. 

For example: If your store is running WooCommerce 4.8, first update to WooCommerce 4.8.1 – the highest version number in that branch – before going ahead and updating to WooCommerce 5.5.1.

Following this, it’s always a good idea to keep up-to-date with the latest versions of WooCommerce. Take a look at Woo’s guide on how to update WooCommerce safely. If you’re not confident updating your shop by yourself, let kimtown do it for you! Send me a message, I’ll take a look at your shop and give you a quote on updating all of your plugins (if needed), including WooCommerce! This service starts at just $50!

Has any data been compromised?

Their investigation into this vulnerability and whether data has been compromised is ongoing. They will be sharing more information with site owners on how to investigate this security vulnerability on their site, which they will publish on their blog when it is ready. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.

Is WooCommerce still safe to use?

Yes.

Incidents like this are uncommon, but do unfortunately sometimes happen. Their intention is always to respond immediately and operate with complete transparency. 

Since learning of the vulnerability, the team has worked around the clock to ensure that a fix has been put in place, and their users have been informed. 

Their continued investment in platform security allows them to prevent the vast majority of issues – but in the rare cases that could potentially impact stores, they strive to fix quickly, communicate proactively, and work collaboratively with the WooCommerce Community.

How do I know if my version is up-to-date?

The table below contains the full list of patched versions for both WooCommerce and WooCommerce Blocks. If you are running a version of WooCommerce or WooCommerce Blocks that is not on this list, please update immediately.

Patched WooCommerce versions Patched WooCommerce Blocks versions
3.3.6 2.5.16
3.4.8 2.6.2
3.5.9 2.7.2
3.6.6 2.8.1
3.7.2 2.9.1
3.8.2 3.0.1
3.9.4 3.1.1
4.0.2 3.2.1
4.1.2 3.3.1
4.2.3 3.4.1
4.3.4 3.5.1
4.4.2 3.6.1
4.5.3 3.7.2
4.6.3 3.8.1
4.7.2 3.9.1
4.8.1 4.0.1
4.9.3 4.1.1
5.0.1 4.2.1
5.1.1 4.3.1
5.2.3 4.4.3
5.3.1 4.5.3
5.4.2 4.6.1
5.5.1 4.7.1
  4.8.1
  4.9.2
  5.0.1
  5.1.1
  5.2.1
  5.3.2
  5.4.1
  5.5.1

If you have any further concerns or questions regarding this issue, please get in touch. I am always happy to help you update your plugins and/or answer any questions you may have. 

*FYI: The kimtown shop has not been compromised in any way and is running the latest version, 5.5.1, of WooCommerce.

Leave a Reply

WEB DESIGN, GRAPHIC DESIGN, WEB HOSTING kimtown offers Website Design, Splash Page Design, Shopping Cart Design, E-commerce Design, Blog Design, Web Hosting, for all kinds of small, medium and large sized businesses. Designs for Photographers, designs for Artists, designs for Seamstresses, designs for Builders, designs for Architects and so much more! Logo Design, Business Card Design, Brochure Design, Mailing Designs and any other print media work you need. Social media design, branding, sublimation design, custom embroidery digitizing and design for all business types out of Jacksonville Florida but serving the United States and most countries, worldwide. 

Join my list:

Don’t miss a thing! Sign up here!
http://eepurl.com/QBXhT

DISCLAIMER: kimtown participates in affiliate marketing and may receive commissions when you click our links and purchase from them. This does not cost you extra and does not, in any way, change or impact our reviews and recommendations. We use these small commissions to help keep much of our content free. kimtown offers a wide variety of services including web design, splash pages, blogs, blog+sites, client sites, machform, facebook design and customization, client site login customization for photographers and small businesses.
HTML Websites for Photographers, Web Design, Splash Pages, Wordpress Blogs, Splash Page Design + Commercial Photography. kimtown Web Site Design, Custom HTML Sites, Web Design, Splash Pages, Forums, Blog Design, Installation, Blog Headers, Splash Page Editor. kimtown offers custom and template splash page design to clients around the world.

© 2006-2021 kimtown | All rights reserved.

X
Add to cart
%d bloggers like this: