Critical vulnerability in WooCommerce
Here is what we know.
A critical vulnerability was identified in WooCommerce (versions 3.3 to 5.5) and the WooCommerce Blocks feature plugin (versions 2.5 to 5.5).
Here is what we have done.
We were notified by WooCommerce that automatic software updates are currently rolling out to all stores running impacted versions of each plugin. In preparation for the rollout, we have ensured that all WooCommerce stores are on the latest version (5.5.1) and that recent backups of the website have been made.
A message from WooCommerce regarding compromised data.
“Our investigation into this vulnerability and whether data has been compromised is ongoing. We will be sharing more information with site owners on how to investigate this security vulnerability on their site, which we will publish on our blog when it is ready. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.”
Where we go from here.
For now, we will wait for the update and continue to monitor all our WooCommerce sites. WooCommerce is still a safe platform to use, and their development team is hard at work fixing the vulnerability. To stay up to date on the issue, check out their blog.