1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • WooCommerce mandates security update after critical vulnerability was

    From TechnologyDaily@1337:1/100 to All on Thu Jul 15 14:00:04 2021
    WooCommerce mandates security update after critical vulnerability was detected

    Date:
    Thu, 15 Jul 2021 11:49:05 +0000

    Description:
    WooCommerce is currently patching critical vulnerability that affected online store owners using its services.

    FULL STORY ======================================================================

    Free WordPress open source plugin WooCommerce has created a patch fix for a critical vulnerability that was identified on July 13, 2021 through the company's HackerOne security program.

    The company found that the vulnerability affected the WooCommerce plugin versions 3.3 to 5.5, as well as versions 2.5 to 5.5 of the WooCommerce Blocks feature plugin.

    WooCommerce says it began conducting an investigation, audited all related codebases, and deployed an automatic patch fix to all stores that were affected. Check out our list of the best WooCommerce hosting on the market Here is a list of the best ecommerce website design services available Also, take a look at the best ecommerce WordPress themes right now

    In a security update blog post, WooCommerce said: "Automatic software updates are rolling out now to all stores running impacted versions of each plugin, but we still highly recommend you ensure that youre using the latest version. For WooCommerce, this is 5.5.1 or the highest number possible in your release branch. If youre also running WooCommerce Blocks, you should be using version 5.5.1." Data compromised

    It is still unclear whether the data of those affected had been compromised, although WooCommerce has said it will be sharing more information with site owners on how to investigate this particular security vulnerability on their websites, as and when the information becomes available.

    If a store was affected, the exposed information will be specific to what
    that site is storing but could include order, customer, and administrative information, WooCommerce revealed.

    In an email, WooCommerce informed online store owners that stores hosted on WordPress.com and WordPress VIP had already been secured.

    WooCommerce provided the patch to WordPress.org , with automatic software updates still in the roll out process. This will be for the security of all stores running on impacted versions of each plugin.

    The company is still working with the WordPress.org Plugin Team to automatically update as many stores as possible to "secure versions of WooCommerce".

    It has also been advised that after installing the patched version, online store owners should update their passwords. Here is a list of the best
    managed WordPress hosting on the market

    Via WP Tavern



    ======================================================================
    Link to news story: https://www.techradar.com/news/woocommerce-mandates-security-update-after-crit ical-vulnerability-was-detected/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)