WooCommerce announced an urgent patch on 15th July, urging users of WooCommerce (versions 3.3 to 5.5) and the WooCommerce Blocks feature plugin (versions 2.5 to 5.5) to update immediately because of a vulnerability.
WooCommerce is one of the most popular eCommerce engines for WordPress, powering over 5 million shopping websites. According to Threatpost, the vulnerability is estimated to affect 200,000 websites that use the WooCommerce Blocks feature.
WooCommerce Vulnerability is a Type of SQL Injection
This vulnerability belongs to the SQL injection class and is severe enough that WooCommerce made a global announcement and is pushing immediate updates. SQL injection allows an attacker to inject malicious code into the database, causing misbehaviour such as displaying data meant only for administrators, or sometimes allowing the attacker to access the database directly.
WooCommerce clarifies that
“If a store was affected, the exposed information will be specific to what that site is storing but could include order, customer, and administrative information.”
Updates like this one are critical, but often difficult, as they may break code in the theme or any customization that has been deployed on WooCommerce. There are also related plugins that have not been verified to work 100% with the new WooCommerce update.
WooCommerce and WordPress users often overlook updates to their websites. The security of each WordPress installation relies on the security and stability of its themes and plugins. An outdated theme, plugin or WordPress version can introduce vulnerabilities that cause security problems, allowing hackers to take advantage of security backdoors to access your sensitive information.
From #bigdomain's experience, many WooCommerce users are still on 4.x versions because their old theme still works with them. Nevertheless, all WooCommerce users should contact their developer, deploy a staging site and test an update to the latest WooCommerce, which is currently 5.5.1.
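A read-only check for the version ranges named in the announcement, as an added example (not code from WooCommerce or Bigdomain). It assumes the standard `wp-content/plugins` layout and the plugin directory names `woocommerce` and `woo-gutenberg-products-block`; it reads the ranges literally, so any patched point releases inside them are still reported as in range and should be confirmed against the vendor's release notes.

```python
import re
import sys
from pathlib import Path

# Inclusive ranges as stated in the announcement ("3.3 to 5.5", "2.5 to 5.5").
# Keys are plugin directory names (assumed) under wp-content/plugins.
ANNOUNCED_RANGES = {
    "woocommerce": ((3, 3, 0), (5, 5, 0)),
    "woo-gutenberg-products-block": ((2, 5, 0), (5, 5, 0)),  # WooCommerce Blocks
}

# Constructed sample of a WordPress plugin header comment.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: WooCommerce\n * Version: 4.9.2\n */\n"

def parse_version(text):
    """Turn '5.5', '4.9.2' or '5.5.0-rc.1' into a comparable 3-tuple."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def header_version(php_source):
    """Read the 'Version:' field from a plugin header comment, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source, re.I | re.M)
    return m.group(1) if m else None

def in_announced_range(slug, version):
    """True if the version lies inside the range the announcement names."""
    if slug not in ANNOUNCED_RANGES:
        return False
    low, high = ANNOUNCED_RANGES[slug]
    return low <= parse_version(version) <= high

def scan_plugins(plugins_dir):
    """Yield (slug, version, in_range) for each of the two plugins found."""
    for slug in ANNOUNCED_RANGES:
        for php in sorted((Path(plugins_dir) / slug).glob("*.php")):
            text = php.read_text(errors="replace")
            if "Plugin Name:" in text and header_version(text):
                version = header_version(text)
                yield slug, version, in_announced_range(slug, version)
                break  # main plugin file found; skip the other PHP files

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for slug, version, hit in scan_plugins(root):
        print(f"{slug} {version}: {'in announced range, update' if hit else 'outside announced range'}")
```

Run it against a staging copy first; it only reads plugin headers and changes nothing on disk.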
For those unable to find a developer to support this, please contact the Bigdomain WordPress Team immediately to update all outdated WordPress and WooCommerce plugins. We also recommend that all WordPress sites be protected by a security and firewall plugin such as Malcare. Bigdomain offers 24×7 daily protection, available by subscription to all customers.
Please check out more information here
The types of WordPress/WooCommerce maintenance and support available are:
- WordPress theme / plugin updates
- WordPress/WooCommerce daily / hourly offsite backup
- Daily security scanning & audit with firewall protection
- Speedup and optimization
- Content updates