
WooCommerce team released a security patch to address the configuration issue.


The WooCommerce team provided a security patch to resolve an issue in the server configuration setup used by some hosts. Under specific conditions, the vulnerability could make some analytics reports publicly available.

The update became available on the 21st of September and was automatically applied to many of the impacted versions of WooCommerce. However, it is still recommended to ensure that your store receives the update and install it manually if needed.

The patched version numbers for each supported release of WooCommerce and WooCommerce Admin are as follows:

Patched versions of WooCommerce

– 4.0.3

– 4.1.3

– 4.2.4

– 4.3.5

– 4.4.3

– 4.5.4

– 4.6.4

– 4.7.3

– 4.8.2

– 4.9.4

– 5.0.2

– 5.1.2

– 5.2.4

– 5.3.2

– 5.4.3

– 5.5.3

– 5.6.1

– 5.7.0

Patched versions of WooCommerce Admin

– 1.0.4

– 1.1.4

– 1.2.5

– 1.3.3

– 1.4.1

– 1.5.1

– 1.6.4

– 1.7.4

– 1.8.4

– 1.9.1

– 2.0.4

– 2.1.6

– 2.2.7

– 2.3.2

– 2.4.5

– 2.5.2

– 2.6.4
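To check an installed version against the two lists above, here is an added example (not code from WooCommerce or from the original article). It compares a version with the patched release of its own minor branch. It assumes that branches newer than the last one listed already contain the fix, and it uses the plugin slugs `woocommerce` and `woocommerce-admin` as dictionary keys.

```python
import re

# Patched release for each minor branch, copied from the lists in this article.
PATCHED = {
    "woocommerce": [
        "4.0.3", "4.1.3", "4.2.4", "4.3.5", "4.4.3", "4.5.4", "4.6.4", "4.7.3", "4.8.2",
        "4.9.4", "5.0.2", "5.1.2", "5.2.4", "5.3.2", "5.4.3", "5.5.3", "5.6.1", "5.7.0",
    ],
    "woocommerce-admin": [
        "1.0.4", "1.1.4", "1.2.5", "1.3.3", "1.4.1", "1.5.1", "1.6.4", "1.7.4", "1.8.4",
        "1.9.1", "2.0.4", "2.1.6", "2.2.7", "2.3.2", "2.4.5", "2.5.2", "2.6.4",
    ],
}

def parse(version):
    """'5.5.3' -> (5, 5, 3). A missing patch number counts as 0; suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def patch_status(plugin, installed):
    """Classify an installed version as 'patched', 'needs-update' or 'not-listed'."""
    fixed = {parse(v)[:2]: parse(v) for v in PATCHED[plugin]}
    current = parse(installed)
    branch = current[:2]
    if branch in fixed:
        # Same minor branch: compare against that branch's patched release.
        return "patched" if current >= fixed[branch] else "needs-update"
    if branch > max(fixed):
        # Assumption: branches released after the newest listed one include the fix.
        return "patched"
    # Older than every listed branch: the article gives no patched release for it.
    return "not-listed"

if __name__ == "__main__":
    # Constructed sample inventory (site label, plugin slug, installed version).
    inventory = [
        ("shop-a", "woocommerce", "5.5.2"),
        ("shop-a", "woocommerce-admin", "2.4.5"),
        ("shop-b", "woocommerce", "4.9.4"),
        ("shop-c", "woocommerce", "3.9.1"),
    ]
    for site, plugin, version in inventory:
        print(f"{site:8} {plugin:18} {version:8} {patch_status(plugin, version)}")
```

On a host with WP-CLI, `wp plugin get woocommerce --field=version` prints the installed version to feed into `patch_status`.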

Also, WooCommerce recommended disabling Directory Listing on your server. This feature displays a list of every file present in the web directory if there is no index file available. You can check it by visiting your.domain/wp-content/uploads.

As for the vulnerability itself, you can also check whether your reports were active by doing the following:

  • Open your.domain/wp-admin/options.php and search for the field woocommerce_admin_report_export_status. Your reports could have been downloaded if this field is present.
  • Open your.domain/wp-content/uploads. Normally you should receive a blank page. However, if you see the list of files, your report file could be publicly accessible.

If you’re unsure how to check this or apply the patch, don’t hesitate to contact us. We’ll gladly help you to deal with this vulnerability or with any other of your needs.
