The vulnerability could be abused by unauthorized attackers to access arbitrary data from the database of any WooCommerce-powered online store.
Wordfence, whose cybersecurity researchers developed proof-of-concepts that exploited the vulnerability, note that the vulnerability affected not just the five millions WooCommerce users, but also the 200,000 websites that used the WooCommerce Blocks feature plugin.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
- We've built a list of the best WordPress hosting providers
- Here’s a list of the best Wordpress plugins
- And these are the best ecommerce plugins for WordPress
“Upon learning about the issue, our team immediately conducted a thorough investigation, audited all related codebases, and created a patch fix for every impacted version (90+ releases) which was deployed automatically to vulnerable stores,” notes WooCommerce’s Head of Engineering Beau Lebens in a blog post.
Exploited in the wild?
The vulnerability was reported by Josh Ledford, founder of cybersecurity company Development Operations Security (DOS).
Lebens notes that WooCommerce is still investigating the vulnerability and will report back to its community on whether data has been compromised is ongoing. The same information was repeated in the comments by various WooCommerce team members when prompted for an update by users.
According to Wordfence though, the original researcher did indicate that the vulnerability has been exploited in the wild. Wordfence too claims it has “found extremely limited evidence” of the exploit being widely used and believes that any reported incidents were perhaps highly targeted ones.
In any case, if you use WooCommerce or its Blocks plugin, make sure your installation is running the latest patched version.
- Also take a look at these best WordPress themes
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.