The critical vulnerability in WooCommerce - new details.


More than a week ago, we posted information about a critical vulnerability discovered in WooCommerce versions 3.3 to 5.5. Additional details have since become available, and we are ready to share them with you.

The WooCommerce team has provided additional information on how to determine whether your store was affected. There is no definitive way to confirm that your site was attacked, but it is still possible to look for traces.

First, check your server's access logs from December 2019 to the present. If you find entries similar to the examples below, it is highly likely that your site was exploited:

  • REQUEST_URI matching regular expression /\/wp-json\/wc\/store\/products\/collection-data.*%25252.*/
  • REQUEST_URI matching regular expression /.*\/wc\/store\/products\/collection-data.*%25252.*/ (note that this expression is not efficient/is slow to run in most logging environments)
  • Any non-GET (POST or PUT) request to /wp-json/wc/store/products/collection-data or /?rest_route=/wc/store/products/collection-data
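As an added example (not part of the original post or WooCommerce's own tooling), the scanner below applies the three indicators above to access-log lines in the standard Apache/nginx "combined" format and tallies hits per source IP; the log lines and IP addresses in it are constructed samples.

```python
import re
from datetime import datetime, timezone

# Indicators from the advisory: a collection-data request whose URI contains the
# double-encoded sequence %25252, or any non-GET request to that endpoint.
# The advisory's second regex (".*/wc/store/products/collection-data.*%25252.*")
# subsumes the first, so one search covers both the /wp-json/ and /?rest_route= forms.
INDICATOR_RE = re.compile(r"/wc/store/products/collection-data.*%25252", re.IGNORECASE)
ENDPOINTS = ("/wp-json/wc/store/products/collection-data",
             "/?rest_route=/wc/store/products/collection-data")
WINDOW_START = datetime(2019, 12, 1, tzinfo=timezone.utc)  # start of the review period

# "combined" format: ip ident user [time] "METHOD URI PROTO" status size "referer" "agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

def check_line(line):
    """Return (ip, reason) when the log line matches an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parseable combined-format line
    when = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    if when < WINDOW_START:
        return None  # outside the period the advisory asks you to review
    ip, method, uri = m.group("ip"), m.group("method"), m.group("uri")
    if INDICATOR_RE.search(uri):
        return (ip, "collection-data request containing %25252")
    if method != "GET" and any(uri.startswith(e) for e in ENDPOINTS):
        return (ip, f"non-GET ({method}) request to collection-data endpoint")
    return None

def scan(lines):
    """Scan log lines; return (hits, per-IP hit counts) so dominant sources stand out."""
    hits, per_ip = [], {}
    for line in lines:
        hit = check_line(line)
        if hit:
            hits.append(hit)
            per_ip[hit[0]] = per_ip.get(hit[0], 0) + 1
    return hits, per_ip

# Constructed sample log lines using documentation-range IPs (not real indicators).
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Jul/2021:03:12:44 +0000] "GET /wp-json/wc/store/products/collection-data?a=%25252b HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.10 - - [05/Jul/2021:03:12:51 +0000] "POST /wp-json/wc/store/products/collection-data HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.7 - - [09/Jul/2021:18:40:02 +0000] "GET /?rest_route=/wc/store/products/collection-data&a=%25252b HTTP/1.1" 200 640 "-" "python-requests/2.25"',
    '192.0.2.5 - - [10/Jul/2021:08:00:00 +0000] "GET /wp-json/wc/store/products/collection-data?per_page=10 HTTP/1.1" 200 300 "https://shop.example/" "Mozilla/5.0"',
    '203.0.113.10 - - [01/Nov/2019:00:00:00 +0000] "GET /wp-json/wc/store/products/collection-data?a=%25252b HTTP/1.1" 200 512 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG)[0]:
        print(ip, reason)
```

Run it against your real log with `scan(open("/var/log/nginx/access.log"))` (path assumed); the per-IP counts are what let you spot a single address dominating the traffic, as the post describes.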

It was also noticed that most of these requests came from a small number of specific IP addresses:


The first one alone accounted for over 98% of such requests.

As mentioned in the previous article, the potentially exposed information includes administrative information as well as customer and order data. It is unlikely that passwords were compromised if you are using the built-in WordPress password management, since they are stored as salted hashes, which makes the stored values very difficult to crack. However, additional plugins may change this behavior, so it would be wise to change your passwords and any other secrets, such as API keys and payment gateway credentials, once the security update is done.

Also, depending on your local laws, you may need to reach out to your customers and notify them if your store was possibly affected. But the most urgent action is to update your store to the latest version.

On the 14th of July 2021, WooCommerce started an automatic update process for all stores running the impacted versions. It was discontinued on the 23rd of July.

It is important to verify that your site was actually updated, because the automatic update may not have happened due to disabled auto-updates, a read-only filesystem, potential extension conflicts, and so on. If that is the case, update the system manually.
