WooCommerce: Combating Spam Order Bots

In November of 2020, we shared an advisory for WooCommerce store owners encouraging them to update to the latest version of WooCommerce due to a vulnerability the WooCommerce team had recently addressed in the account creation flow. The WooCommerce core team discovered this vulnerability as a result of an attack from a bot that was creating spam orders and, by way of the aforementioned...

Time to upgrade! WooCommerce 4.8 is now available!

The WooCommerce team has announced the release of WooCommerce 4.8, which is now publicly available! It has been in development since November 2020 and Core contributions include about 257 commits from 29 contributors. This is a minor release, which means everything is backward compatible with the previous version. Given the release of PHP 8, WordPress 5.6, and the Twenty Twenty-One theme, the...

WooCommerce: Spam Orders and Accounts from Bots

Versions of WooCommerce prior to 4.6.2 contain a vulnerability that allows guest users to create accounts during checkout even when the "Allow customers to create an account during checkout" setting is disabled. This vulnerability is being exploited by a bot to place spam orders and create user accounts that are then used to probe for vulnerabilities in other plugins on the site. In response to...