We’ve just started rolling out automatic updates with patches for WooCommerce 3.5–6.3. This fix contains important security improvements for the PayPal Standard payment gateway (deprecated since July 2021). Please make sure to update your site if you don’t get the update automatically. For users who still run the PayPal Standard payment gateway, we strongly recommend switching to PayPal Payments …
WooCommerce 6.2.1 is available now. This release should be backwards compatible with the previous version and fixes two issues. Here’s what’s new: Fixed permission check for reviews in v1 & v2 REST API. Fixed Path Traversal in Importers. You can download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from …
On September 21, 2021, our team released a security patch to address a server configuration setup used by some hosts, which under the right conditions may make some analytics reports publicly available. What actions should I take? Automatic software updates began rolling out on September 21, 2021, to all stores running impacted versions of WooCommerce, but we …
Important Security Patch Released in WooCommerce Read More »
tl;dr A critical vulnerability was detected in multiple versions of WooCommerce and the WooCommerce Blocks feature plugin. Patches for each impacted version have been created and deployed automatically to vulnerable stores.. The details A security vulnerability in WooCommerce and WooCommerce Blocks was recently discovered and reported to us via our HackerOne security program by security researcher Josh. This …
Developer Advisory: Critical Vulnerability in Multiple Versions of WooCommerce Read More »
This release fixes a bug discovered recently that allows anonymous users to create an account during checkout even when the “Allow customers to create an account during checkout” setting is disabled. The fix to this bug can be found here. We found this problem while investigating reports of a bot that is creating spam orders in some …
We’ve shipped a new release containing some security improvements for SelectWoo as well as other minor bugfixes. Here is the changelog for the release: **WooCommerce** * Security – Escape HTML in SelectWoo. **WooCommerce Admin 1.2.4** * Tweak: reduce asset filename length and remove tilde characters. #4535 * Fix: RTL stylesheet loading for split code chunks. …
WooCommerce 4.1.1 is now available! This is a fix release that contains some security improvements for downloadable files and other minor bug fixes. Here’s the change-log for this release: * Enhancement – Added notice about public uploads directory. #26207 * Tweak – Disallow directory listing in woocommerce_uploads when “Redirect only” is the selected download method. …
WooCommerce 3.9.2 is now available. This minor release includes two security fixes. Additionally — by popular demand! — it restores the default behavior of the “Shipping destination” option. Since this release contains fixes to improve security, we encourage you to update your sites as soon as possible. Here’s the full list of fixes: * Security …
