Critical Vulnerability Detected in WooCommerce on July 13, 2021 – What You Need to Know

  • Thursday, 15th July, 2021
  • 09:29am

Originally published on woocommerce.com

On July 13, 2021, a critical vulnerability concerning WooCommerce and the WooCommerce Blocks feature plugin was identified and responsibly disclosed by security researcher Josh, via our HackerOne security program.

Upon learning about the issue, our team immediately conducted a thorough investigation, audited all related codebases, and created a patch for every impacted version (90+ releases), which was deployed automatically to vulnerable stores.

I have a WooCommerce store – what actions should I take?

Automatic software updates are rolling out now to all stores running impacted versions of each plugin, but we still highly recommend you ensure that you’re using the latest version. For WooCommerce, this is 5.5.1 or the highest number possible in your release branch. If you’re also running WooCommerce Blocks, you should be using version 5.5.1.

Has any data been compromised?

Our investigation into this vulnerability and whether data has been compromised is ongoing. We will be sharing more information with site owners on how to investigate this security vulnerability on their site, which we will publish on our blog when it is ready. If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.

Is WooCommerce still safe to use?

Yes.

Incidents like this are uncommon, but do unfortunately sometimes happen. Our intention is always to respond immediately and operate with complete transparency. 

Since learning of the vulnerability, the team has worked around the clock to ensure that a fix has been put in place, and our users have been informed. 

Our continued investment in platform security allows us to prevent the vast majority of issues – but in the rare cases that could potentially impact stores, we strive to fix quickly, communicate proactively, and work collaboratively with the WooCommerce Community.
