Why you need to update WooCommerce and WooCommerce Blocks Plugins Now on Your Site

WooCommerce recently found a critical security issue that was reported that affects all versions of WooCommerce from branches 3.3 to 5.5.

You may have already noticed an email with the subject line Action required: Critical vulnerability in WooCommerce that went out around 7pm EST.

The most current version of WooCommerce is 5.5.1 but patched versions for branches 3.3 up to version 5.5 have also been released. WordPress.org has the ability to push out automatic plugin updates for security reasons so if you were running version 5.4.1 it would have automatically updated to version 5.4.2.

Depending on which branch of WooCommerce you have running on any connected child sites, verify and make sure that the branch is updated to the patched version you can view all of the current releases from here. The patch was created for all affected versions which ended up being 90 releases.

Also if your connected child site is using the WooCommerce Blocks plugin then the critical security issue also affects this plugin as well. The current version of the WooCommerce Blocks plugin is 5.5.1. Automatic plugin updates from WordPress.org will also be pushed out for the WooCommerce Blocks to sites using it. But it is worth making sure that the plugin is being updated on any sites using it. Wordfence included a bit more information in their recent post.

If you believe you have been exploited due to this vulnerability in WooCommerce, then the WooCommerce team is recommending administrative password resets after updating to provide additional protection. If you do believe that your site may have been affected, a review of your log files might show those.

Comments are closed.

Looking for something?

Privacy laws apply to businesses that collect personal information. Since no personal information is collected by the MainWP plugins, no privacy laws apply to the MainWP plugins. This includes GDPR, UK DPA 2018, PIPEDA, Australia Privacy Act 1988, LGPD, PIPL, and other privacy laws.
Donata Stroink-Skillrud
Donata Stroink-Skillrud
President of Agency Attorneys