New WooCommerce update addresses security vulnerability

A new WooCommerce update has been released. It is significant because it fixes a security vulnerability that allowed malicious content to be inserted into a page in the browser. The issue mainly affects WooCommerce shops with order attribution enabled; this feature is enabled by default. The affected versions are:

8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.9.0, 8.9.1, 8.9.2

If you are using WooCommerce 8.8.0 or later, you should update WooCommerce to the latest version as soon as possible.

How do you update your shop to make it secure?

If you do not have the correct version, you will need to update WooCommerce manually.

To update the extension you need to follow the steps below:

  1. Log in to the WP administration panel of your shop and go to Plugins.
  2. Find WooCommerce in the list of installed plugins and extensions. You should see an alert with the information: "A new version of WooCommerce is available."
  3. Click the Update Now link displayed in this alert to update to version 8.9.3.

If you cannot update WooCommerce immediately, disable the Order attribution option. The vulnerability can only be exploited if order attribution is enabled.

What is the vulnerability?

This vulnerability could allow cross-site scripting - a type of attack where a link is manipulated to place malicious content on a page (using code such as JavaScript). This could affect anyone who clicks on the link, including the customer, vendor or shop administrator.

I am using a version of WooCommerce older than 8.8.0; does this affect my shop?

The vulnerability affects any WooCommerce shop running WooCommerce 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.9.0, 8.9.1, 8.9.2, particularly if your shop has order attribution enabled (this feature is enabled by default). If you are using an earlier, stable, updated version of WooCommerce, your shop is not affected.

If your shop is running WooCommerce 8.9.3, the latest version, there is no need to worry: your shop is secure.

What else can I do to keep my shop safe?

We encourage you to maintain high security standards. Use strong passwords, use two-step authentication, monitor transactions, use the latest versions of WooCommerce and update your site plugins to stable and secure versions.

Bartłomiej Biedrończyk

