WooCommerce Plugin Security Threat

WooCommerce, a major ecommerce plugin built for WordPress sites by Automattic, warned users on Thursday, July 14, 2021, to update their plugins as soon as possible to guard against a critical security vulnerability.

According to a statement posted to the WooCommerce blog on July 14, the company was first alerted to the vulnerability on July 13, 2021, and immediately began working on a patch. WooCommerce is still investigating whether customer information was or could be exposed due to the vulnerability, but the WooCommerce team did specify in a tweet that exposed information “could include order, customer, and administrative information.”


How to update WooCommerce safely

WooCommerce support has provided instructions for updating its plugin without breaking a shop. To secure a store against the vulnerability, users should update to the highest version number available in their release branch:

“For example: If your store is running WooCommerce 4.8, first update to WooCommerce 4.8.1 – the highest version number in that branch – before going ahead and updating to WooCommerce 5.5.1.”

The ecommerce tool provider recommends keeping your plugins updated to the latest release to fully protect your site.
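The two-step update order described above can be worked out mechanically. The sketch below is an added example, not code from WooCommerce: it plans the path from an installed version and prints matching WP-CLI commands. It assumes the store is managed with WP-CLI, and the release list is constructed from the versions named in this article.

```python
import re

def parse(version):
    """'4.8.1' -> (4, 8, 1); a missing patch number counts as 0."""
    if not re.fullmatch(r"\d+\.\d+(\.\d+)?", version):
        raise ValueError(f"not a stable x.y[.z] version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def plan_update_path(installed, available):
    """Return the versions to install, in order: first the highest
    release in the installed x.y branch, then the latest release."""
    current = parse(installed)
    # Compare as integer tuples so that 4.8.10 sorts above 4.8.9.
    newer = sorted({parse(v) for v in available if parse(v) > current})
    if not newer:
        return []  # already on the newest known release
    steps = []
    same_branch = [r for r in newer if r[:2] == current[:2]]
    if same_branch:
        steps.append(same_branch[-1])
    if newer[-1] not in steps:
        steps.append(newer[-1])
    return [".".join(map(str, s)) for s in steps]

def wp_cli_commands(steps):
    """One WP-CLI update command per planned step (assumes WP-CLI)."""
    return [f"wp plugin update woocommerce --version={v}" for v in steps]

# Constructed release list: only the versions named in the article,
# plus the .0 release of each branch. A real run would use the
# plugin's published release list instead.
AVAILABLE = ["4.8.0", "4.8.1", "5.5.0", "5.5.1"]

if __name__ == "__main__":
    for cmd in wp_cli_commands(plan_update_path("4.8", AVAILABLE)):
        print(cmd)
```

Back up the site before running the printed commands, and confirm the shop still works after the in-branch update before moving on to the latest release.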

Problems for ecommerce sites

WordPress is the most widely used website builder tool, running over 40% of the world’s websites. WooCommerce, which is built by the same company that provides WordPress, is a major ecommerce platform because of its close integration with WordPress.

Tamara Scott
Tamara Scott is Managing Editor at TechnologyAdvice and SmallBusinessComputing.com, where she guides content strategy, writes vendor and buyer content, and maintains high editorial standards among content creators across several properties.
