WooCommerce has released a patch for a critical vulnerability which was identified on July 13th, 2021, by a security researcher through Automattic’s HackerOne security programme.
 
The vulnerability impacts versions 3.3 to 5.5 of the WooCommerce plugin, as well as versions 2.5 to 5.5 of the WooCommerce Blocks feature plugin. “Upon learning about the issue, our team immediately conducted a thorough investigation, audited all related codebases, and created a patch fix for every impacted version (90+ releases) which was deployed automatically to vulnerable stores,” WooCommerce Head of Engineering Beau Lebens said in the security announcement.
 
At this time, it’s unknown if any data has been compromised, so it’s recommended to keep an eye on the WooCommerce blog for news updates.
 
What should you do?
 
First, log in to your WordPress admin dashboard and find out what version of the WooCommerce plugin your store is using and if you’re also using WooCommerce Blocks. The vulnerability affects WooCommerce versions 3.3 to 5.5 and WooCommerce Blocks versions 2.5 to 5.5, so if your version falls into this release range, it’s recommended that you update these plugins ASAP.
 
Before doing so, you should follow best practices and take a backup of your website, ideally through your hosting provider as well as off-server. The off-server copy is recommended because of the way most hosting providers take backups. After you have taken a backup, proceed to update WooCommerce / WooCommerce Blocks. You should then be prompted to perform a database update, which you will need to do. At this stage, you may also see a notification on your dashboard that your theme contains outdated copies of WooCommerce template files. If so, check whether any theme updates are available and apply them.
 
Next come the associated plugins. You may have additional WooCommerce functionality in the form of plugins that will need updating. This could be things like WooCommerce add-ons from 1st and 3rd party providers. You will want to update these as well.
 
Finally comes testing. You will want to thoroughly test everything on the front end, including processing orders. Hopefully, everything goes smoothly.
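The version check from the first step can also be run against a copy of `wp-content/plugins`, for example when triaging several stores from backups. The following is an added example, not code from WooCommerce or from the original post: it reads the `Version:` header from each plugin's main file and compares it with the ranges stated above. The directory slugs and the reading of each range as inclusive x.y.0 bounds are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Affected ranges as stated on this page, read as inclusive x.y.0 bounds.
# Directory slugs are assumed to match the plugins' WordPress.org slugs.
AFFECTED = {
    "woocommerce": ((3, 3, 0), (5, 5, 0)),
    "woo-gutenberg-products-block": ((2, 5, 0), (5, 5, 0)),
}
# Header line shape used at the top of a WordPress plugin's main file.
HEADER = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def parse_version(text):
    """Return (major, minor, patch), or None if text is not a version."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None


def in_affected_range(slug, version):
    """True if version lies inside the page's stated range for slug."""
    parsed = parse_version(version)
    if slug not in AFFECTED or parsed is None:
        return False
    low, high = AFFECTED[slug]
    return low <= parsed <= high


def scan_plugins(plugins_dir):
    """Return [(slug, version, flagged)] for affected plugins found on disk."""
    findings = []
    for slug in AFFECTED:
        for php in sorted((Path(plugins_dir) / slug).glob("*.php")):
            head = php.read_text(errors="replace")[:8192]
            m = HEADER.search(head)
            if m and "Plugin Name:" in head:  # skip non-main PHP files
                findings.append((slug, m.group(1), in_affected_range(slug, m.group(1))))
                break
    return findings


if __name__ == "__main__":
    # Constructed sample tree standing in for wp-content/plugins.
    with tempfile.TemporaryDirectory() as root:
        main = Path(root) / "woocommerce" / "woocommerce.php"
        main.parent.mkdir()
        main.write_text("<?php\n/**\n * Plugin Name: WooCommerce\n * Version: 4.9.2\n */\n")
        for slug, version, flagged in scan_plugins(root):
            print(f"{slug} {version}: {'in affected range' if flagged else 'outside stated range'}")
```

A point release on an older branch that already carries the fix will still be flagged, so confirm any hit against WooCommerce's security announcement before treating the store as unpatched.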
 
These types of vulnerabilities are not that common, and thankfully WooCommerce were quick to act, auditing and updating their core plugin.