Why you need to update WooCommerce and WooCommerce Blocks Plugins Now on Your Site

WooCommerce recently found a critical security issue that was reported that affects all versions of WooCommerce from branches 3.3 to 5.5.

You may have already noticed an email with the subject line Action required: Critical vulnerability in WooCommerce that went out around 7pm EST.

The most current version of WooCommerce is 5.5.1 but patched versions for branches 3.3 up to version 5.5 have also been released. WordPress.org has the ability to push out automatic plugin updates for security reasons so if you were running version 5.4.1 it would have automatically updated to version 5.4.2.

Depending on which branch of WooCommerce you have running on any connected child sites, verify and make sure that the branch is updated to the patched version you can view all of the current releases from here. The patch was created for all affected versions which ended up being 90 releases.

Also if your connected child site is using the WooCommerce Blocks plugin then the critical security issue also affects this plugin as well. The current version of the WooCommerce Blocks plugin is 5.5.1. Automatic plugin updates from WordPress.org will also be pushed out for the WooCommerce Blocks to sites using it. But it is worth making sure that the plugin is being updated on any sites using it. Wordfence included a bit more information in their recent post.

If you believe you have been exploited due to this vulnerability in WooCommerce, then the WooCommerce team is recommending administrative password resets after updating to provide additional protection. If you do believe that your site may have been affected, a review of your log files might show those.

Manage all your WordPress sites with the MainWP Dashboard

WordPress Management for Professionals

Are you ready to go Pro?

All MainWP Pro Extensions are available through one of our convenient bundled packages.

Looking for something?

Your Download Is Just One Click Away

…or just download the plugin.

By entering your email, you agree to our Terms of Service and Privacy Policy.