Critical vulnerability discovered in WooCommerce – Millions of online stores could be compromised
On July 13, 2021, a critical vulnerability was discovered in WooCommerce and the WooCommerce Blocks plugin (Critical Vulnerability Detected in WooCommerce). It could affect millions of online stores around the world that were built on this platform.
The announcement was made by the WooCommerce (Automattic) staff on the official blog, and as usual no details were provided about the vulnerable files. It is nevertheless easy to see where the code changed by comparing the vulnerable versions with those updated a few hours ago, which contain the security fix.
By exploiting this vulnerability, an attacker can take over absolutely all the content of the online store, including personal data of customers, order details, sales reports and order status, and information and administrative privileges of the online store. Basically, all the WooCommerce data that the “Shop Manager” has access to.
Which versions of WooCommerce are affected by this critical vulnerability?
All versions of WooCommerce and WooCommerce Blocks from 3.3 up to 5.5. That means a huge number of versions, and online stores that have updated WooCommerce are not exempt from this vulnerability either.
An urgent update to the latest version of WooCommerce (5.5.1) is recommended. If you use an older version, WooCommerce has created a dedicated patch release for each one. This way you won't be forced to do a major WooCommerce upgrade if you don't have the time and resources right now.
For example, if your online store has WooCommerce 3.4.x installed, the security update is WooCommerce 3.4.8. It is not mandatory to switch to WooCommerce 5.5.1, but it is strongly recommended that you do so in the near future.
All versions containing the security fix can be downloaded and installed manually from WooCommerce Core / Releases. The updated versions are those with the date “2021-07-14”.
The update can also be done from Dashboard → Plugins → WooCommerce → Update, or by automatic update if you have this option enabled in WordPress.
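To triage several stores against the version ranges given above, the following added example (not code from WooCommerce or from this article's author) classifies an installed WooCommerce core version. It uses only the two fixed releases named in this article, 3.4.8 and 5.5.1; the store names and the sample inventory are constructed.

```python
import re

# Article values: affected 3.3 through 5.5; fixes 3.4.8 and 5.5.1.
AFFECTED_MIN = (3, 3)
AFFECTED_MAX = (5, 5)
# Only the two fixed releases the article names; look up other branches.
FIXED_PATCH = {(3, 4): 8, (5, 5): 1}


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' (suffixes like '-rc.1' ignored) into ints."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(version):
    """Return (status, advice) for an installed WooCommerce version."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch < AFFECTED_MIN or branch > AFFECTED_MAX:
        return "outside-affected-range", None
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        return "check-branch", f"find the {major}.{minor}.x release dated 2021-07-14"
    if patch >= fixed:
        return "patched", None
    return "vulnerable", f"update to {major}.{minor}.{fixed}"


def triage_inventory(stores):
    """Map store name -> triage result, flagging unparseable versions."""
    report = {}
    for name, version in stores.items():
        try:
            report[name] = triage(version)
        except ValueError:
            report[name] = ("unknown", "verify the installed version manually")
    return report


# Constructed sample inventory (hypothetical store names).
SAMPLE = {"shop-a": "3.4.5", "shop-b": "5.5.1", "shop-c": "4.9.2",
          "shop-d": "5.5.0", "shop-e": "3.2.6", "shop-f": "n/a"}

if __name__ == "__main__":
    for store, (status, advice) in triage_inventory(SAMPLE).items():
        print(f"{store}: {status}" + (f" ({advice})" if advice else ""))
```

Branches reported as "check-branch" are inside the affected range, but their fixed release number is not given in this article and has to be read from the releases page.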
We hope that the security breach was discovered in time and that most online stores are already in the process of updating.
Critical Vulnerability Detected in WooCommerce – The investigation is still underway. At the moment, the impact of this vulnerability is not known, nor whether the patch could negatively affect anything.
About Stealth
Passionate about technology, I have been writing with pleasure on stealthsetts.com since 2006. I have rich experience in operating systems (macOS, Windows and Linux), but also in programming languages, blogging platforms (WordPress) and platforms for online stores (WooCommerce, Magento, PrestaShop).