On Wednesday, WooCommerce sent out an email to store owners to immediately update their store to the latest version to fix a security vulnerability involving WooCommerce versions 3.3 to 5.5 and the WooCommerce Blocks feature plugin versions 2.5 to 5.5.
According to the email, stores hosted on WordPress.com and WordPress VIP have already been secured. WooCommerce is working with the WordPress.org Plugin Team to automatically update as many stores as possible to secure versions of WooCommerce.
In addition, WooCommerce urges store owners to take the following added precautions to safeguard their site:
- Update WooCommerce to the latest version (5.5.1) or the highest number possible in the release branch.
- Store owners running the WooCommerce Blocks feature plugin should update it to the latest version (5.5.1).
No Specifics on Breach From WooCommerce
WooCommerce did not provide many details on this security vulnerability and said its investigation is ongoing and it would share updates about the issue on its blog.
However, WooCommerce did reveal that affected stores may have order, customer, and administrative data exposed. Therefore, while it doesn’t appear to include critical customer payment and financial data, it may include proprietary and competitive information most businesses would not want to share.
WooCommerce said it jumped on the information once it learned about on Tuesday it and has been working around the clock to investigate the issue, audit all related codebases, and release a patch for every impacted version (90+ releases).
Subscribe to Our Newsletter Today
Stay in touch with the latest business insights for your online business
We do not share your information and you can unsubscribe anytime
Connect With Us And Other Small Business Owners
Please head over to our Facebook Group for Small Business Sellers and interact with other small business owners.