As of July 13th 2021, WooCommerce has patched a critical vulnerability whose details have yet to be specified. This issue impacts WooCommerce versions 2.5 up to 5.5.
If your eCommerce store is running WooCommerce, we strongly recommend that you double-check that it is on the latest version, 5.5.1. If it is not, update it as soon as possible.
Upgrade to version 5.5.1 (latest version)
Research has found that only 7.2% of WooCommerce stores are running version 5.5.1 (latest version).
A whopping 51.7% of WooCommerce stores are still running version 5.1 or below, which can prove to be a security issue.
This means that, in total, 92.8% of WooCommerce stores are exposed to this security issue.
WordPress.org forced updates
WordPress.org has forced updates on the majority of websites running older versions of WooCommerce, as these may be vulnerable.
Some websites, however, are set to manual updates only, and that may include yours. If that is the case, go into your website now and update your WooCommerce plugin to the latest version. WooCommerce has described this issue as a critical vulnerability, so don’t take any chances.
Critical Vulnerability Announcement
The Head of Engineering at WooCommerce, Beau Lebens, wrote the following statement in the announcement of this issue:
Our investigation into this vulnerability and whether data has been compromised is ongoing. We will be sharing more information with site owners on how to investigate this security vulnerability on their site, which we will publish on our blog when it is ready. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.
The WooCommerce team found the issue via a user by the name of Josh, through the HackerOne security program.
Is my WooCommerce store still safe?
The short answer: yes, your store is safe!
These incidents, while occasional, do unfortunately occur.
WooCommerce’s investment in the HackerOne security program has allowed them to find this issue.
For those who run their store on WooCommerce, keep a close eye on its version and stay up to date with the latest security updates.