A critical vulnerability was discovered in multiple versions of WooCommerce and the WooCommerce Blocks feature plugin and disclosed by security researcher Josh via WooCommerce’s HackerOne security program. This vulnerability can result in data like user IDs and hashed passwords being exposed.
Patch fix for over 90 impacted releases
After being reported by security researcher Josh, WooCommerce teams started to conduct a thorough investigation, audit-related codebases, and create a patch fix for over 90 impacted releases. This patch was deployed to vulnerable stores automatically.
Furthermore, WooCommerce recommends updating to the latest version of these plugins, which is currently 5.5.1. You can reach the guide on how to update WooCommerce safely.
While the company’s investigation into this vulnerability is ongoing, they will also share detailed information with site owners on investigating this security vulnerability on their site. If a store on WooCommerce was affected, the exposed information could include order, customer, and administrative details depending on the stores’ products.