Security Hole in WooCommerce

UPDATED JULY 16 2021

The core WooCommerce development team released WooCommerce version 5.5.0 on July 13th. After the release, a vulnerability was reported by security researcher Josh via HackerOne (https://hackerone.com/automattic).

 

For WP Concierges, WooCommerce has always been a secure and safe way to do ecommerce for any size business and we still feel confident in this platform. 

 

Once WooCommerce discovered the hole, the development team wasted no time finding a solution.

WooCommerce communications also didn’t let up. We got email after email forwarded to us from clients all around the world asking if we should be concerned.

 

WooCommerce states that this hole affected 90+ releases. They have deployed patches for ALL releases, so no matter what version of Woo you are currently on, you should upgrade to be secure.

 

“To do this without causing issues, first update to the highest number possible in your release branch – this will ensure your website is no longer vulnerable. 

 

For example: If your store is running WooCommerce 4.8, first update to WooCommerce 4.8.1 – the highest version number in that branch – before going ahead and updating to WooCommerce 5.5.1.”

  

For stores that were not auto-updated, WP Concierges went to work upgrading WooPrenuers’ ecommerce stores to ensure they were running properly and safely.

 

What we know so far

WooCommerce has promised to update their blog with their findings soon.  I imagine they are busy trying to get all 5,000,000 plus people to get upgraded! 

 

In a previous blog post, I talked about how half of all WooCommerce stores are not even on version 4+. There are usually 3 reasons for this.

 

  1. WooCommerce was customized so much it’s a massive undertaking to upgrade.

  2. The WooCommerce store is abandoned by the store owner who only checks in occasionally or not at all.

  3. The WooPrenuer doesn’t have the WP Concierges team behind them to keep them updated!  

So there are a lot of exposed stores out there right now!

It affects 90+ versions of WooCommerce

So it doesn’t matter what version of WooCommerce you are on! Upgrade to the next version to get secure.

 

To do this without causing issues, first update to the highest number possible in your release branch – this will ensure your website is no longer vulnerable. 

 

For example: If your store is running WooCommerce 4.8, first update to WooCommerce 4.8.1 – the highest version number in that branch – before going ahead and updating to WooCommerce 5.5.1.
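
The two-step update order above, as an added example (not code from WooCommerce or WP Concierges): a POSIX shell helper that picks the highest release in the installed branch first and the final target second. The release list is constructed sample input, and installing each step with WP-CLI is an assumption about how the store is administered.

```shell
#!/bin/sh
# Added example: plan the update order described above.
# Constructed sample input, not WooCommerce's real list of patched releases.
SAMPLE_RELEASES="4.8.0 4.8.1 4.9.0 4.9.3 5.5.0 5.5.1"

# branch_of 4.8.0 -> 4.8 (a bare "4.8" is accepted too)
branch_of() {
  printf '%s\n' "$1" | awk -F. '{ print $1 "." ($2 == "" ? 0 : $2) }'
}

# is_newer A B: true when A is a strictly higher version than B
is_newer() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# highest_in_branch BRANCH VERSION...: highest listed release in that branch
highest_in_branch() (
  branch=$1; shift
  printf '%s\n' "$@" |
    awk -F. -v b="$branch" '($1 "." ($2 == "" ? 0 : $2)) == b' |
    sort -V | tail -n 1
)

# plan_upgrade INSTALLED TARGET VERSION...
# Prints the versions to install, one per line, in order.
plan_upgrade() (
  installed=$1; target=$2; shift 2
  step=$(highest_in_branch "$(branch_of "$installed")" "$@")
  # Step 1: patch release of the installed branch, if it is newer than what
  # is installed and is not already the final target.
  if [ -n "$step" ] && is_newer "$step" "$installed" &&
     [ "$step" != "$target" ]; then
    echo "$step"
  fi
  # Step 2: the final target, unless the store is already on it.
  if is_newer "$target" "$installed"; then
    echo "$target"
  fi
)

# Each printed version would then be installed in turn, for instance with
# WP-CLI (assumed tooling): wp plugin update woocommerce --version=<version>
plan_upgrade 4.8 5.5.1 $SAMPLE_RELEASES
```

Take a backup and check the store after each step before moving on to the next version.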

It Affects Data!

This is the major one, as it’s your customers’ data. What they have said is that it affects:

  1. Order Data
  2. Customer Data
  3. Administrative Data

That means there’s no messing around with this version if you don’t want a customer calling to ask why their data is on the dark web. Also, they can then get into your store again and again.

You can read WooCommerce’s original post regarding this vulnerability here; a follow-up post is to follow when more information is available.


However, never fear when WP Concierges is near! We have your back and will get you upgraded and get your site scanned and secured with our WooSecured security plugin.

Have concerns or need help upgrading?

We are here for you and ready to secure your site. You have two options with us:

 

1. Our security plugin, WooSecured, gets your site secure and clean from any malware. You can order WooSecured here.

 

2. Open a support ticket with us.  We are a paid WooCommerce support company with concierges scattered all over the U.S. to serve you better.

Follow this link to open a support ticket
