WooCommerce 8.8.5 and 8.9.3: Dot Release and Backport Fixes

WooCommerce 8.8 and 8.9 have received important fixes.

The issue is present on pages that contain the Classic Checkout and allows for the injection of HTML and JavaScript into the page. See our developer advisory for more information.

These releases fix said issues.

Current Stable Tag

๐Ÿ‘‰ WooCommerce 8.9.3

๐Ÿ“† Released June 10, 2024

Whatโ€™s in this release

Weโ€™re releasing patches for 8.8 and 8.9 to address an XSS vulnerability found in these versions, which affects pages with the Classic Checkout. This vulnerability allows for the injection of HTML and JavaScript, posing a security risk. To mitigate this, patches have been included in WooCommerce 9.0 and backported to versions 8.8 and 8.9. Users running these versions are advised to update urgently to protect against potential attacks.

See our developer advisory for more information.

Other important information

๐Ÿ‘‰ The new stable tag is now 8.9.3, and with it includes all the updates from the 8.9 release.

Get WooCommerce 8.9.3

๐Ÿ‘‰ To upgrade: See our update guide or download the latest release from WordPress.org.

๐Ÿž Found a Bug? Please submit a report it on GitHub.

Reposted from WooCommerce

If you have a care plan with 7th Circle Designs this update will be taken care of based on your plan’s schedule. If you do not have a care plan, sign up now.