WooCommerce mandates security update after critical vulnerability was detected

  • PCHF IT Feeds
    PCHF Bot

    WooCommerce, the free open source WordPress plugin, has created a patch for a critical vulnerability that was identified on July 13, 2021 through the company’s HackerOne security program.

    The company found that the vulnerability affected the WooCommerce plugin versions 3.3 to 5.5, as well as versions 2.5 to 5.5 of the WooCommerce Blocks feature plugin.

    WooCommerce says it began conducting an investigation, audited all related codebases, and deployed an automatic patch to all stores that were affected.

    In a security update blog post, WooCommerce said: “Automatic software updates are rolling out now to all stores running impacted versions of each plugin, but we still highly recommend you ensure that you’re using the latest version. For WooCommerce, this is 5.5.1 or the highest number possible in your release branch. If you’re also running WooCommerce Blocks, you should be using version 5.5.1.”

    [HEADING=1]Data compromised[/HEADING]

    It is still unclear whether the data of those affected had been compromised, although WooCommerce has said it will be sharing more information with site owners on how to investigate this particular security vulnerability on their websites, as and when the information becomes available.

    If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information, WooCommerce revealed.

    In an email, WooCommerce informed online store owners that stores hosted on WordPress.com and WordPress VIP had already been secured.

    WooCommerce provided the patch to WordPress.org, and automatic software updates are still rolling out to secure all stores running impacted versions of each plugin.

    The company is still working with the WordPress.org Plugin Team to automatically update as many stores as possible to “secure versions of WooCommerce”.

    It has also been advised that after installing the patched version, online store owners should update their passwords.

    Via WP Tavern
