Critical Vulnerability Detected in WooCommerce - SpiderSavvy

We wanted to inform you about a critical security vulnerability identified and patched by the WooCommerce team. As a WooCommerce development partner, we want to ensure that all affected SpiderSavvy clients and users are aware of this issue and take the necessary steps to secure their sites.

Affected Versions

  • WooCommerce: Versions 3.3 to 5.5
  • WooCommerce Blocks: Versions 2.5 to 5.5

Action Required

WooCommerce is pushing out automated updates where possible to patch this vulnerability. However, we recommend manually checking your site and performing updates if necessary.
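For the manual check, a version triage script can help. This is an added example, not code from WooCommerce or SpiderSavvy: it compares an installed version against the affected ranges above and the 5.5.1 release named in the WooCommerce email below. The function names and output labels are made up here, and it assumes WP-CLI is installed and that the Blocks plugin uses its WordPress.org slug `woo-gutenberg-products-block`.

```shell
#!/bin/sh
# Added example: triage WooCommerce / WooCommerce Blocks versions against this
# advisory. The ranges (3.3 and 2.5 upward) and 5.5.1 come from the page;
# function names and labels are hypothetical.

# ver_lt A B: succeeds when dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                    # leading component of each
        [ "$a" = "$x" ] && a="" || a=${a#*.}      # drop it from the remainder
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}                      # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                      # equal is not "lower"
}

# classify PLUGIN_SLUG VERSION prints one label:
#   below-range  older than the first affected release
#   in-range     inside the affected range and below 5.5.1; update, or confirm
#                it is the highest release in its branch (the page does not
#                list the per-branch patch releases)
#   current      5.5.1 or newer
#   unknown      unrecognised plugin or unparsable version
classify() {
    v=${2%%[-+]*}                                 # strip suffixes such as -rc.1
    case $v in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    case $1 in
        woocommerce)                  low=3.3 ;;
        woo-gutenberg-products-block) low=2.5 ;;  # assumed WordPress.org slug
        *) echo unknown; return 0 ;;
    esac
    if ver_lt "$v" "$low"; then echo below-range
    elif ver_lt "$v" 5.5.1; then echo in-range
    else echo current
    fi
}

# check_site [WP_PATH]: read the installed versions through WP-CLI.
check_site() {
    for p in woocommerce woo-gutenberg-products-block; do
        ver=$(wp plugin get "$p" --field=version --path="${1:-.}" 2>/dev/null) \
            || { echo "$p not-installed"; continue; }
        echo "$p $ver $(classify "$p" "$ver")"
    done
}
```

Source the file and run `check_site /path/to/wordpress` on each store; any `in-range` line needs an update or a check against WooCommerce's list of patched releases.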

I’ve included the full email sent by WooCommerce below, which includes detailed instructions on the required actions. For additional information, you can read WooCommerce’s blog post on the vulnerability here.

Need Help from SpiderSavvy?

If your site is affected and you would like assistance from a SpiderSavvy Expert to update your website, please post on SpiderSavvy as usual, and we will be happy to help.

ORIGINAL NOTIFICATION EMAIL FROM WOOCOMMERCE


Hi there,

We wanted to inform you that a critical vulnerability was identified in WooCommerce (version 3.3 to 5.5) and the WooCommerce Blocks feature plugin (version 2.5 to 5.5).

What actions should I take with my store?

Stores hosted on WordPress.com and WordPress VIP have already been secured. We are working with the WordPress.org Plugin Team to automatically update as many stores as possible to secure versions of WooCommerce. However, we also urge you to take the following added precautions to safeguard your site:

  • Update your copy of WooCommerce to the latest version (5.5.1) or the highest number possible in your release branch.
  • If running the WooCommerce Blocks feature plugin, update it to the latest version (5.5.1).

What does this mean for my store?

Our investigation into this vulnerability is ongoing, but we wanted to let you know immediately about the importance of updating.

We will share more information with site owners on investigating this security vulnerability on their sites, which we will publish on our blog when ready. If a store is affected, the exposed information will be specific to what that site is storing, but it could include order, customer, and administrative information.

What can I expect from WooCommerce in the future?

We want you to know that we always intend to respond immediately and transparently. Since we discovered this vulnerability yesterday, the WooCommerce team has worked around the clock to investigate the issue, audit all related codebases, and release a patch for every impacted version (90+ releases).

If you have any other questions, we’re here to help – reply to this email.

Thank you,
The WooCommerce Team
