Vulnerability in WooCommerce affects millions of WordPress sites

WooCommerce announced that they have patched a critical vulnerability affecting millions of users. Publishers using the WooCommerce plugin or the WooCommerce Blocks plugin are strongly encouraged to update their plugins if they are not already automatically updated.

WooCommerce forced automatic update

The vulnerability, a SQL injection flaw, is severe enough that WooCommerce is automatically pushing the update to affected publishers.

Although the updates are automatic, some publishers report that some of their sites have not yet received the update.

It is therefore important to check each site and update manually if it has not yet been updated to the highest release of its WooCommerce version branch.

In general, SQL injection is a vulnerability that lets an attacker manipulate a database into revealing information or behaving in ways it should not. A common example is manipulating a database into revealing a password.

According to WooCommerce:

“If a store was affected, the exposed information will be specific to what that site stores, but may include order, customer and management information.”

The Wordfence announcement noted that this is a blind SQL injection vulnerability.

Wordfence explained the effect:

“This vulnerability allowed unauthorized attackers to access arbitrary data in an online store’s database.

The Wordfence Threat Intelligence team was able to develop proofs of concept for time-based and Boolean-based blind injections and released an introductory firewall rule to our Premium customers within hours of the patch.”

Have WooCommerce sites been compromised?

There is currently no evidence that a widespread attack is compromising WooCommerce sites.

Wordfence said:

“Wordfence Threat Intelligence has found extremely limited evidence for these trials, and it is likely that such trials were highly targeted.”

WooCommerce software versions

A version branch is identified by the leading number of the version a publisher is running.

A publisher may be running a very old 3.x version, a 4.x version, or the latest 5.x version. Each of these, 3, 4 and 5, is considered a branch.

WooCommerce versions 4.x and 5.x are called branches of the software, and version 5 is considered a big step up from version 4.

Some publishers may find it annoying to update from version 4.x to 5.x.

To accommodate these publishers, WooCommerce released a patch that closes the vulnerability in each branch.

So if a site has WooCommerce version 4.x, they are encouraged to update to at least version 4.8.1, which is the latest version of the 4.x WooCommerce branch.

Nevertheless, even though the latest version of each older branch is patched, the official announcement recommends updating to the latest version of WooCommerce, currently version 5.5.1.

The message noted:

“… we still strongly recommend that you make sure you are using the latest versions of WooCommerce and WooCommerce Blocks (5.5.1).”

This statement may have inadvertently caused some confusion about how far up the version branches publishers should update.

Some publishers using version 4.x wondered whether that version is secure, or whether they should update to the latest version of the highest WooCommerce branch, currently version 5.5.1.

This is what someone asked in the comments section of the official announcement:

“Is Woocommerce version 4.8.1. safe now or not?”

A person from WooCommerce responded with the following statement:

“As this critical vulnerability concerns the WooCommerce plugin, we strongly recommend that it be updated first.

The version you mention, 4.8.1, contains the security patch, so there is nothing else you need to do here until you are ready to update to the latest version (5.5.1).”
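
The check-and-update advice above can be automated across several sites. The following POSIX shell script is an added example, not code from WooCommerce, Wordfence or the original article; it audits a list of installed WooCommerce versions against the two releases the article confirms (4.8.1 on the 4.x branch, 5.5.1 as the latest). The site names and the "site version" inventory format are constructed for illustration, and any version the article does not confirm is reported as unconfirmed rather than assumed patched.

```shell
#!/bin/sh
# Added example. Thresholds are the two releases the article names; nothing else is assumed.

# to_int X.Y.Z: print MAJOR*1000000 + MINOR*1000 + PATCH, or fail on anything
# that is not plain dotted digits (pre-release tags, empty strings, leading zeros).
to_int() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
  esac
  IFS=. read -r maj min pat extra <<EOF
$1
EOF
  echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# classify_wc VERSION: print one verdict.
#   latest          5.5.1 or newer
#   patched-branch  exactly 4.8.1, the 4.x release the article confirms as patched
#   unconfirmed     anything else: update, or verify against the official announcement
#   unparsable      not a plain X.Y.Z string
# A higher number on an old branch is deliberately NOT treated as patched: fixes
# were released per branch, so only releases confirmed as patched are trusted.
classify_wc() {
  v=$(to_int "$1") || { echo unparsable; return 0; }
  if [ "$v" -ge 5005001 ]; then echo latest
  elif [ "$v" -eq 4008001 ]; then echo patched-branch
  else echo unconfirmed
  fi
}

# audit_inventory: read "site version" lines on stdin, print "site version verdict",
# and return non-zero if any site needs attention (usable from cron or CI).
audit_inventory() {
  bad=0
  while read -r site ver; do
    [ -n "$site" ] || continue
    verdict=$(classify_wc "$ver")
    printf '%s %s %s\n' "$site" "$ver" "$verdict"
    case $verdict in latest|patched-branch) ;; *) bad=1 ;; esac
  done
  return "$bad"
}

# Constructed inventory with hypothetical site names. On a real host each version
# could come from WP-CLI: wp plugin get woocommerce --field=version --path=<site dir>
printf '%s\n' 'shop-a 5.5.1' 'shop-b 4.8.1' 'shop-c 4.7.0' 'shop-d 5.5.0-rc.1' |
  audit_inventory || echo 'at least one site needs an update or a manual check'
```

The same classification applies to the WooCommerce Blocks plugin only for the 5.5.1 threshold, since that is the only Blocks version the article mentions.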

Citations

Official WooCommerce Announcement
Critical Vulnerability Found in WooCommerce July 13, 2021 – What You Need to Know

Wordfence report and vulnerability analysis
Vulnerability with critical SQL injection updated in WooCommerce