WooCommerce 5.7.0 Patches Security Issue
WooCommerce shipped version 5.7.0 through a forced update for some users earlier this week. The minor release was not billed as a security update but the following day WooCommerce published a post explaining that the plugin was vulnerable to having analytics reports leaked on some hosting configurations:
On September 21, 2021, our team released a security patch to address a server configuration setup used by some hosts, which under the right conditions may make some analytics reports publicly available.
WordPress.org pushed an automatic update to affected stores beginning on September 21, for all sites that have not explicitly disabled automatic updates. The WooCommerce team created a patch for 18 versions back to 4.0.0, along with 17 patched versions of the WooCommerce Admin plugin. Those whose filesystem is set to read-only or who are running WooCommerce versions older than 4.0.0 will not have received the automatic update and should proceed to manually update their sites.
WooCommerce recommends users update to the latest version, which is now 5.7.1, or the highest number possible in your release branch. The security announcement post has detailed instructions for how store owners can check to see if their report files may have been downloaded.
More than 5 million WordPress sites use WooCommerce. At the time of publishing, 59.8% are running on version 5.4 or older. Only 12.8% are using the lates 5.7.x release.
WooCommerce 5.7.1 was released earlier today after the team received multiple reports of broken sites following the 5.7.0 update. This release includes fixes for regressions and new bugs identified in the previous update.
Whether you’re worried about the quality of your website, or you’re ready to get WooCommerce agencies working for your business, don’t miss out on the opportunity to grow your brand while making your workload smaller through well-optimised e-commerce content.
MWB are a development agency specialising in Woocommerce and ecommerce stores. Our experienced team are specialists in delivering ecommerce solutions, bespoke web design and engaging, high converting Woocommerce websites that align with your business goals.
Check out our sister company MWB Digital, a digital agency focusing on maximising sales through your online shop via enhanced user experience, digital strategy, effective marketing campaigns, conversion rate optimisation and content-led marketing that powers your ecommerce platform.