This week WooCommerce published a critical update for their WordPress eCommerce plugin, with the advice that it be installed immediately.
What is it?
A serious vulnerability had been reported that could allow a ‘bad actor’ to exploit a cross-site scripting bug where a link is manipulated on a page. Anyone clicking on the link (the store / site admin as well as a customer) could be affected. The impact of this could be immense for your store and the wider website. At the time of publishing the update, WooCommerce believe that it had not been exploited (yet), but given the seriousness of the bug they have made this rare emergency announcement.
What to do?
Log in to your WordPress Dashboard and go to the Plugins folder. Scroll down to find WooCommerce and check the version number. If you are currently on v8.9.3, then you can relax: you have the critical update installed. If you are NOT on v8.9.3, then you should hit the update link for WooCommerce.
I use an older version of WooCommerce – what should I do?
There are many reasons why a business might have to remain with an older version of WooCommerce. The update has been ‘back-ported’ to include version 8.8.x. If you can, you should update to v8.8.5. If you cannot update to either 8.9.3 or 8.8.5, then you need to manually turn off the Order Attribution option in your WooCommerce settings. If you are using an even older version (8.7.x or earlier) then you should not be impacted. However, why are you persisting with older plugin versions? There are many risks associated with this.
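If you look after several stores, the version rules above can be checked from a shell instead of one dashboard at a time. This is an added example, not code from WooCommerce or from the original post: the function names are made up for illustration, and it assumes you pass the path of the plugin directory, that its main file is woocommerce.php with a standard "Version:" header, and that releases newer than 8.9.x already include the fix.

```shell
#!/bin/sh
# Added example (not WooCommerce code): triage an install by this post's version rules.

# Print the version from the "Version:" header of <plugin dir>/woocommerce.php.
wc_version_from_dir() {
    awk '/^[ \t*]*Version:/ { sub(/\r$/, "", $NF); print $NF; exit }' \
        "$1/woocommerce.php" 2>/dev/null
}

# Print one of: not-affected, patched, vulnerable, unknown.
classify_wc_version() {
    IFS=. read -r major minor patch _rest <<EOF
$1
EOF
    minor=${minor:-0}
    patch=${patch%%[!0-9]*}        # "3-beta" -> "3"
    patch=${patch:-0}
    case "$major.$minor" in
        .*|*[!0-9.]*) echo unknown; return 0 ;;   # empty or non-numeric version
    esac
    if [ "$major" -lt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -le 7 ]; }; then
        echo not-affected          # "8.7.x or earlier" per the post
    elif [ "$major" -eq 8 ] && [ "$minor" -eq 8 ]; then
        if [ "$patch" -ge 5 ]; then echo patched; else echo vulnerable; fi
    elif [ "$major" -eq 8 ] && [ "$minor" -eq 9 ]; then
        if [ "$patch" -ge 3 ]; then echo patched; else echo vulnerable; fi
    else
        echo patched               # assumption: releases after 8.9.x include the fix
    fi
}

# Print a one-line verdict for a plugin directory.
wc_triage() {
    ver=$(wc_version_from_dir "$1") || ver=
    status=$(classify_wc_version "$ver")
    case $status in
        vulnerable) echo "$1: $ver vulnerable - update to 8.9.3 or 8.8.5, or turn off Order Attribution" ;;
        *) echo "$1: ${ver:-?} $status" ;;
    esac
}

# Constructed sample: a fake plugin directory holding only the header we need.
demo=$(mktemp -d)
printf '<?php\n/**\n * Plugin Name: WooCommerce\n * Version: 8.9.1\n */\n' > "$demo/woocommerce.php"
wc_triage "$demo"
rm -rf "$demo"
```

On a real server, replace the sample at the bottom with a call such as wc_triage followed by the path to each site's wp-content/plugins/woocommerce directory.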
This is all gibberish – I need help!
We fully understand that notices like this can be scary. If you have any concerns over the security of your WooCommerce store or the wider WordPress website, QD Design can perform a security audit and make any changes that are required for you.
Let us take care of your website, so you can concentrate on taking care of your business.