Woocommerce Security Woos
ICYMI: Earlier this week, woocommerce sent out emails about a newly discovered vulnerability affecting all plugin versions from 3.3 – 5.5. urging all customers to immediately update their installations (Read their announcement: woocommerce blog)
Bugs and vulnerabilities get discovered every day; it’s part of the process. Most of them “fly under the radar” and get patched in a timely fashion; and most people (= website owners) never even hear about it (nor do they care too much either); and the majority of webmasters only notice them when there’s an “update available” link on their WordPress plugins page; as they shrug and click “update now”.
Hardly ever do software companies take the action woocommerce decided to take this week: Send out emails to shop admins notifying them of the vulnerability and patch dozens of versions – not just the latest (few).
Woocommerce went out of their way to patch versions going all the way back to the 3.3. branch, which was released in January 2018 – more than 3 (!) years ago and force-update to patched versions.
Only ~7% of woocommerce installations are up-to-date
According to wptavern, only around 7% of active woocommerce installations are up-to-date (running version 5.5.) at the time of this writing.
Source & credit: https://wptavern.com/woocommerce-patches-critical-vulnerability-sending-forced-security-update-from-wordpress-org
Summary
As always – if you are running a website, especially an e-commerce store, make sure your software is up-to-date; or at least ask your webmaster to do so. You are responsible if your data is breached and your customers’ data is leaked.