WooCommerce Security Release

WooCommerce Security 1024x576 1

WooCommerce 3.5.10–6.3.1 Security releases

We’ve just started rolling out automatic updates with patches for WooCommerce 3.5–6.3. This fix contains important security improvements for the PayPal Standard payment gateway (deprecated since July 2021). Please make sure to update your site if you don’t get the update automatically. For users who still run the PayPal Standard payment gateway, we strongly recommend switching to PayPal Payments …

WooCommerce 3.5.10–6.3.1 Security releases Read More »

WooCommerce Security 1024x576 1

WooCommerce 6.2.1 Security Fix

WooCommerce 6.2.1 is available now. This release should be backwards compatible with the previous version and fixes two issues. Here’s what’s new: Fixed permission check for reviews in v1 & v2 REST API. Fixed Path Traversal in Importers. You can download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from …

WooCommerce 6.2.1 Security Fix Read More »

WooCommerce Security 1024x576 1

Developer Advisory: Critical Vulnerability in Multiple Versions of WooCommerce

tl;dr A critical vulnerability was detected in multiple versions of WooCommerce and the WooCommerce Blocks feature plugin.  Patches for each impacted version have been created and deployed automatically to vulnerable stores.. The details A security vulnerability in WooCommerce and WooCommerce Blocks was recently discovered and reported to us via our HackerOne security program by security researcher Josh. This …

Developer Advisory: Critical Vulnerability in Multiple Versions of WooCommerce Read More »

WooCommerce Security 1024x576 1

WooCommerce 4.6.2 Fix Release

This release fixes a bug discovered recently that allows anonymous users to create an account during checkout even when the “Allow customers to create an account during checkout” setting is disabled. The fix to this bug can be found here. We found this problem while investigating reports of a bot that is creating spam orders in some …

WooCommerce 4.6.2 Fix Release Read More »

WooCommerce Security 1024x576 1

WooCommerce 3.9.2 Security Release

WooCommerce 3.9.2 is now available. This minor release includes two security fixes. Additionally — by popular demand! — it restores the default behavior of the “Shipping destination” option. Since this release contains fixes to improve security, we encourage you to update your sites as soon as possible. Here’s the full list of fixes: * Security …

WooCommerce 3.9.2 Security Release Read More »