WooCommerce announced critical vulnerabilities. Is your data at risk?

On 13th July 2021, WooCommerce, a major eCommerce plugin built for WordPress sites, announced critical vulnerabilities in WooCommerce plugins from version 3.3 to 3.5 and WooCommerce Blocks feature plugins from version 2.5 to 5.5. WooCommerce says it has deployed an automatic patch to all the affected stores.

Has any data been compromised?

The investigation is ongoing and it is not yet clear whether any data has been compromised, although WooCommerce has assured store owners that it will keep them informed. WooCommerce also announced that the stores hosted on WordPress or WordPress VIP have already been secured. Additionally, it has started automatically updating stores to the highest plugin version to safeguard them against SQL injection attacks.

Is your store safe? What actions should you take?

WordPress.org is currently pushing forced automatic updates to all vulnerable stores. WooCommerce merchants are still advised to update their passwords and ensure their stores are running the latest version, i.e., 5.5.1.

For merchants who find it disruptive to update to 5.5.1, WooCommerce released a patch that closes the vulnerability for each branch. So if a site is running WooCommerce version 4.8, its owner is encouraged to update to 4.8.1 before going ahead and updating to WooCommerce 5.5.1.

“Automatic software updates are rolling out now to all stores running impacted versions of each plugin, but we still highly recommend you ensure that you’re using the latest version. For WooCommerce, this is 5.5.1 or the highest number possible in your release branch. If you’re also running WooCommerce Blocks, you should be using version 5.5.1,” says WooCommerce.

WooCommerce has included the full list of patched versions for WooCommerce and WooCommerce Blocks. You are advised to update immediately if you are running a version that is not on this list.

WooCommerce has been transparent and the good news is that the vulnerability was not only responsibly disclosed but also patched within a day of identification. Let’s keep an eye on the latest updates from the company!
