ICYMI: Earlier this week, woocommerce sent out emails about a newly discovered vulnerability affecting all plugin versions from 3.3 – 5.5. urging all customers to immediately update their installations (Read their announcement: woocommerce blog)

Bugs and vulnerabilities get discovered every day; it’s part of the process. Most of them “fly under the radar” and get patched in a timely fashion; and most people (= website owners) never even hear about it (nor do they care too much either); and the majority of webmasters only notice them when there’s an “update available” link on their WordPress plugins page; as they shrug and click “update now”.

Hardly ever do software companies take the action woocommerce decided to take this week: Send out emails to shop admins notifying them of the vulnerability and patch dozens of versions – not just the latest (few).

Woocommerce went out of their way to patch versions going all the way back to the 3.3. branch, which was released in January 2018 – more than 3 (!) years ago and force-update to patched versions.

Only ~7% of woocommerce installations are up-to-date

According to wptavern, only around 7% of active woocommerce installations are up-to-date (running version 5.5.) at the time of this writing.

Source & credit: https://wptavern.com/woocommerce-patches-critical-vulnerability-sending-forced-security-update-from-wordpress-org

Summary

As always – if you are running a website, especially an e-commerce store, make sure your software is up-to-date; or at least ask your webmaster to do so. You are responsible if your data is breached and your customers’ data is leaked.

About the author:

Nina Khoury is a computer scientist, software engineer, data and information junkie and online marketer. She taught at various universities for more than six years and worked on projects for Fortune 500 companies including cisco, Intel and HP.

Leave a Comment

Click here to cancel reply.

Name (required)

Mail (will not be published) (required)

Website

Δ