WooCommerce has notified its users about a critical vulnerability.


A vulnerability affecting WooCommerce (versions 3.3 to 5.5) and WooCommerce Blocks (versions 2.5 to 5.5) was discovered on the 13th of July and reported via the HackerOne security program. The exact details have not been disclosed yet, but the WooCommerce team strongly recommends updating to the latest version available for your branch. To patch the vulnerability, WooCommerce prepared over 90 releases covering all the available branches. The list of branches is available here.

The investigation is still ongoing, so it is not yet clear whether any data was compromised. Information that may have been affected includes administrative information and customer and order data.

The WooCommerce team will share additional information, such as a way to check your site for the vulnerability. However, they do not have all the information yet and are continuing to investigate. Updates on the situation will be published on the WooCommerce blog.

In general, there is no need to worry, since the WooCommerce team addressed the vulnerability very quickly. However, you still need to install the fix if your site runs one of the vulnerable versions.
