Jovani
Active member
- Joined
- Jul 10, 2012
- Messages
- 338
- Points
- 28
A new article on Search Engine Journal here reports that WooCommerece just announced a patch for a critical vulnerability that is rolling out as a forced update. Publishers have been urged to check if they're updated.
WooCommerce has just announced it has patched a critical vulnerability affecting millions of users. Publishers using the WooCommerce plugin or the WooCommerce Blocks plugin are strongly urged to update their plugins if they have not already automatically updated.
After updating to a patched version, the company also recommends:
Updating the passwords for any Admin users on your site, especially if they reuse the same passwords on multiple websites
Rotating any Payment Gateway and WooCommerce API keys used on your site.
If your website didn't get the automatic update, That could be for a number of reasons, a few of the most likely are: you're running a version prior to one impacted (below WooCommerce 3.3), automatic updates have been explicitly disabled on your site, your filesystem is read-only, or there are potentially conflicting extensions preventing the update. In all cases (except the first example, where you are unaffected), you should attempt to manually update to the newest patched version on your release branch (e.g. 5.5.1, 5.4.2, 5.3.1, etc.)
WooCommerce has just announced it has patched a critical vulnerability affecting millions of users. Publishers using the WooCommerce plugin or the WooCommerce Blocks plugin are strongly urged to update their plugins if they have not already automatically updated.
If you have a WooCommerce store, automatic software updates began rolling out on July 14, 2021, to all stores running impacted versions of each plugin. It's recommended you ensure that you're using the latest version. For WooCommerce, this is 5.5.1 or the highest number possible in your release branch. If you're also running WooCommerce Blocks, you should be using version 5.5.1 of that plugin.
After updating to a patched version, the company also recommends:
Updating the passwords for any Admin users on your site, especially if they reuse the same passwords on multiple websites
Rotating any Payment Gateway and WooCommerce API keys used on your site.
If your website didn't get the automatic update, That could be for a number of reasons, a few of the most likely are: you're running a version prior to one impacted (below WooCommerce 3.3), automatic updates have been explicitly disabled on your site, your filesystem is read-only, or there are potentially conflicting extensions preventing the update. In all cases (except the first example, where you are unaffected), you should attempt to manually update to the newest patched version on your release branch (e.g. 5.5.1, 5.4.2, 5.3.1, etc.)
