Using WooCommerce? Beware of a critical vulnerability!

WooCommerce has announced on its developer blog that there is a critical vulnerability in multiple versions of WooCommerce.

This blog post will highlight what the vulnerability is and what this means for you going forward.

What has happened and how does it affect you?

There has been a security vulnerability found in WooCommerce and WooCommerce Blocks.

The security vulnerability allows for data such as user IDs and hashed passwords to be compromised.

One point that may bring a sigh of relief: because the stored passwords are hashed, it is unlikely they were compromised.

(Hashed passwords are very difficult to crack, and even if they are accessed they are indiscernible, so your password is still protected!)

WooCommerce is still investigating whether data has been compromised and will share information on their developer blog in due course, providing site owners with instructions on how they can investigate if their site has been compromised.

If a store has been compromised, this data would be specific to the information that particular site is storing – but could include order, customer, and admin information.

How do you know if this affects you?

This vulnerability affects releases of WooCommerce Blocks ranging from version 2.5 through version 5.5 and WooCommerce core versions 3.3 through version 5.5.

Any stores running a version of WooCommerce or WooCommerce Blocks within these ranges are considered vulnerable.
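
The version ranges above can be checked against a plugin inventory. The following is an added example, not code from WooCommerce or from this post: it classifies the constructed output of `wp plugin list --fields=name,version --format=csv` against the stated ranges and the 5.5.1 release this post names as the fix. Assumptions: `woo-gutenberg-products-block` is taken to be the WooCommerce Blocks plugin slug, "3.3 through 5.5" is read as release lines 3.3.x to 5.5.x, and any in-range version below 5.5.1 is reported as `upgrade` because no other fixed versions are listed here.

```python
import csv
import io
import re

# Affected release lines as stated in the post: (first, last) as (major, minor).
AFFECTED = {
    "woocommerce": ((3, 3), (5, 5)),
    # Assumption: wordpress.org slug of the WooCommerce Blocks plugin.
    "woo-gutenberg-products-block": ((2, 5), (5, 5)),
}
PATCHED = (5, 5, 1)  # the only fixed version the post names

# Constructed sample of `wp plugin list --fields=name,version --format=csv`.
SAMPLE = """name,version
akismet,4.1.10
woocommerce,5.4.1
woo-gutenberg-products-block,5.5.1
"""


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple; None for anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None


def classify(slug, version_text):
    """Return 'not-tracked', 'unknown', 'outside-range', 'patched' or 'upgrade'."""
    if slug not in AFFECTED:
        return "not-tracked"
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # e.g. pre-release tags: check by hand
    first, last = AFFECTED[slug]
    if not first <= version[:2] <= last:
        return "outside-range"
    return "patched" if version >= PATCHED else "upgrade"


def audit(csv_text):
    """Map each tracked plugin in the CSV to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["name"]: classify(r["name"], r["version"])
            for r in rows if r["name"] in AFFECTED}


if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```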

Is there anything you need to do?

Security patches are automatically being deployed to vulnerable stores.

However, WooCommerce is still recommending upgrading to the latest version of these plugins, which is 5.5.1 currently.

After updating to a patched version, they also recommend:

  • Updating the passwords for any Admin users on your site, especially if they reuse the same passwords on multiple websites
  • Rotating any Payment Gateway and WooCommerce API keys used on your site.

Read more on the WooCommerce Developer Blog

If you would like to read more about this and how this security vulnerability was actually discovered, you can do so on the WooCommerce Developer Blog here.

In need of some web design, ecommerce and SEO?

If you happen to come across this blog post and are in need of some web design, ecommerce, and SEO solutions, we could be perfect for you!

Based in Swindon, Wiltshire, O’Brien Media have over 15 years of experience developing websites for very happy customers! We are also BigCommerce Agency Partners, so we can achieve your digital dreams!

We also make sure our websites are tested for accessibility and ensure that our websites can be used by everyone!

We are Disability Confident Committed and encourage other businesses to be too! July is Disability Pride Month, and you can read more about this and the scheme in our recent blog post here.


If you would like to know more, please get in touch with one of our friendly team. We would love to hear from you!