Using WooCommerce? Beware of a critical vulnerability!

WooCommerce has announced on its developer blog that there is a critical vulnerability in multiple versions of WooCommerce. This blog post will highlight what the vulnerability is and what this means for you going forward. What has happened and how does it affect you? There has been a security vulnerability found in WooCommerce and WooCommerce Blocks. The security vulnerability allows for data...

WooCommerce: Combating Spam Order Bots

In November of 2020, we shared an advisory for WooCommerce store owners encouraging them to update to the latest version of WooCommerce due to a vulnerability the WooCommerce team had recently addressed in the account creation flow. The WooCommerce core team discovered this vulnerability as a result of an attack from a bot that was creating spam orders and, by way of the aforementioned...

Time to upgrade! WooCommerce 4.8 is now available!

The WooCommerce team has announced the release of WooCommerce 4.8, which is now publicly available! It has been in development since November 2020 and Core contributions include about 257 commits from 29 contributors. This is a minor release, which means everything is backward compatible with the previous version. Given the release of PHP 8, WordPress 5.6, and the Twenty Twenty-One theme, the...

WooCommerce: Spam Orders and Accounts from Bots

Versions of WooCommerce prior to 4.6.2 contain a vulnerability that allows guest users to create accounts during checkout even when the "Allow customers to create an account during checkout" setting is disabled. This vulnerability is being exploited by a bot to place spam orders and create user accounts that are then used to probe for vulnerabilities in other plugins on the site. In response to...