WooCommerce, a major ecommerce plugin built for WordPress sites by Automattic, warned users on Thursday, July 14, 2021, to update their plugins as soon as possible to guard against a critical security vulnerability.
According to a statement posted to the WooCommerce blog on July 14, the company was first alerted to the vulnerability on July 13, 2021, and immediately began working on a patch. WooCommerce is still investigating whether customer information was or could be exposed due to the vulnerability, but the WooCommerce team did specify in a Tweet that exposed information “could include order, customer, and administrative information.”
How to update WooCommerce safely
WooCommerce support has provided instructions for updating its plugin without breaking a shop. Users should first update to the highest version number available in their release branch to secure against the vulnerability:
“For example: If your store is running WooCommerce 4.8, first update to WooCommerce 4.8.1 – the highest version number in that branch – before going ahead and updating to WooCommerce 5.5.1.”
The ecommerce tool provider also recommends keeping your plugins updated to the latest release to fully protect your site.
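The staged update described above can be worked out per store with a short script. This is an added example, not code from WooCommerce or this article; the function name `update_path` and the release list are constructed for illustration, and only 4.8.1 and 5.5.1 come from the quoted guidance.

```python
import re

# Constructed sample list of available releases (NOT an official list of
# patched versions); only 4.8.1 and 5.5.1 appear in the article.
AVAILABLE = ["4.8.0", "4.8.1", "4.9.0", "4.9.3", "5.5.0", "5.5.1", "5.6.0-beta.1"]

def parse(version):
    """Return (major, minor, patch) for 'X.Y' or 'X.Y.Z'; None for pre-releases or junk."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def update_path(installed, available):
    """Ordered list of versions to install: highest patch release in the
    installed major.minor branch first, then the latest stable release."""
    current = parse(installed)
    if current is None:
        raise ValueError(f"unrecognised installed version: {installed!r}")
    # Ignore anything that is not a plain stable version (betas, RCs, typos).
    releases = sorted({p for p in map(parse, available) if p is not None})
    if not releases:
        raise ValueError("no stable releases in the available list")

    path = []
    # Step 1: newest release that shares the installed major.minor branch.
    in_branch = [r for r in releases if r[:2] == current[:2] and r > current]
    if in_branch:
        path.append(in_branch[-1])
    # Step 2: latest stable release overall, if that is still ahead of step 1.
    reached = path[-1] if path else current
    if releases[-1] > reached:
        path.append(releases[-1])
    return [".".join(map(str, p)) for p in path]

if __name__ == "__main__":
    for store_version in ("4.8", "4.8.1", "5.5.0", "5.5.1"):
        print(store_version, "->", update_path(store_version, AVAILABLE) or "up to date")
```

An empty result means the store is already on the latest stable release in the list.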
Problems for ecommerce sites
WordPress is the most widely used website builder tool, running over 40% of the world’s websites. WooCommerce, which is built by the same company that provides WordPress, is a major ecommerce platform because of its close integration with WordPress.