WooCommerce 9.7.1 has been released
This release includes important security fixes and hardening measures.
We've released important security improvements to enhance the protection of WooCommerce against XSS vulnerabilities. These updates focus on hardening the Cart and Checkout experiences by preventing potential attacks.
What's in this release
Product Name XSS Fix: We've removed decodeEntities from product names used in the Cart & Checkout. This prevents cases where harmful scripts could be injected via product names. (#56048)
Safer Coupon Notices in Shortcodes: Instead of appending text directly, we now append elements, reducing the risk of XSS in coupon notices. (#56047)
Refactored String-Based HTML in JavaScript: We replaced concatenated string-based HTML elements with createElement(), making the codebase more secure against potential script injection. (#56047)
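The difference between string-built HTML and createElement(), and why decoding entities first matters, shown as an added example that is not WooCommerce's code. The function names, class name and sample product name are hypothetical and constructed for illustration.

```javascript
// Added illustration. Function names, class names and sample strings are
// hypothetical and constructed; this is not WooCommerce source code.

// Stand-in for an entity decoder, covering only the entities used below.
function decodeEntitiesDemo(text) {
  return text
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"')
    .replace(/&amp;/g, '&');
}

// Before: the notice is assembled as an HTML string. Whatever is in
// `productName` becomes part of the markup the browser will parse.
function noticeAsString(productName) {
  return '<div class="notice"><span>' + productName + '</span></div>';
}

// After: nodes are created with createElement() and the untrusted value is
// assigned through textContent, which is never parsed as HTML.
// `doc` is the page's `document`, passed in so the function can be tested.
function noticeAsElement(doc, productName) {
  const wrapper = doc.createElement('div');
  wrapper.className = 'notice';
  const label = doc.createElement('span');
  label.textContent = productName;
  wrapper.appendChild(label);
  return wrapper;
}

// Constructed sample: a product name as stored, with markup entity-encoded.
const storedName = 'Mug &lt;script&gt;alert(1)&lt;/script&gt;';

// Encoded name in a string template: it stays inert text when parsed.
const encodedHtml = noticeAsString(storedName);

// Decoded first, then concatenated: the tag is now part of the markup.
const decodedHtml = noticeAsString(decodeEntitiesDemo(storedName));
```

In a browser, noticeAsElement(document, name) displays the name as literal text whether or not it was decoded beforehand, because the value never passes through the HTML parser.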
Reposted from WooCommerce
If you have a care plan with 7th Circle Designs, this update will be taken care of based on your plan’s schedule. If you do not have a care plan, sign up now.