WooCommerce 8.8 and 8.9 have received important fixes.
The issue is present on pages that contain the Classic Checkout and allows for the injection of HTML and JavaScript into the page. See our developer advisory for more information.
These releases fix said issues.
Whatโs in this release
Weโre releasing patches for 8.8 and 8.9 to address an XSS vulnerability found in these versions, which affects pages with the Classic Checkout. This vulnerability allows for the injection of HTML and JavaScript, posing a security risk. To mitigate this, patches have been included in WooCommerce 9.0 and backported to versions 8.8 and 8.9. Users running these versions are advised to update urgently to protect against potential attacks.
See our developer advisory for more information.
Other important information
๐ The new stable tag is now 8.9.3, and with it includes all the updates from the 8.9 release.
Get WooCommerce 8.9.3
๐ To upgrade: See our update guide or download the latest release from WordPress.org.
๐ Found a Bug? Please submit a report it on GitHub.
Reposted from WooCommerce
If you have a care plan with 7th Circle Designs this update will be taken care of based on your plan’s schedule. If you do not have a care plan, sign up now.