Overview
A critical security vulnerability has been identified in WooCommerce and the WooCommerce Blocks plugin, necessitating an emergency update. This update needs to be applied immediately to keep your site safe.
Managed WordPress Customers
Conetix will install the update on your behalf. This is being rolled out at present and we expect all sites to be patched and fully protected very shortly.
Update: All managed clients have been patched.
If you log in to your WordPress instance and you’re running WooCommerce 5.5.1, 5.4.2, 5.3.1 or 5.2.3, then your system has been patched.
Standard Hosting Customers and Virtual Private Server Customers
For all plans where Conetix doesn’t manage the WordPress updates on your behalf, you or your developer will need to perform the update yourself.
We highly recommend taking a backup before running the update.
Frequently Asked Questions
How do I know if I’m affected?
All WooCommerce Blocks versions between 2.5 and 5.5 are affected.
Which version is up-to-date?
Update: The WooCommerce team are releasing backported updates. For example, if you’re running WooCommerce 5.4, 5.4.2 has been released which contains the fix.
Please check the releases list for versions released 14 July 2021: https://developer.woocommerce.com/releases/
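For self-managed servers hosting several WordPress sites, the version check described above can be scripted. The following is an added example, not part of the original advisory or of WooCommerce's own tooling; the function names are hypothetical and it assumes the default wp-content/plugins/woocommerce/woocommerce.php layout with the standard plugin "Version:" header. Only the four fixed releases named on this page are encoded, any other branch is reported as CHECK_RELEASES for manual comparison against the releases list, and WooCommerce Blocks is not covered.

```shell
#!/bin/sh
# Added example: report WooCommerce versions found under a web root.
# Fixed releases come from this advisory: 5.5.1, 5.4.2, 5.3.1, 5.2.3.

# Minimum fixed patch level for a major.minor branch (empty if not listed here).
fixed_patch_for() {
    case "$1" in
        5.5) echo 1 ;;
        5.4) echo 2 ;;
        5.3) echo 1 ;;
        5.2) echo 3 ;;
    esac
}

# classify_version VERSION -> PATCHED | NEEDS_UPDATE | CHECK_RELEASES
classify_version() {
    ver=${1%%[-+]*}                       # drop suffixes such as -rc.1
    case "$ver" in
        ''|.*|*[!0-9.]*) echo CHECK_RELEASES; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                           # split into major minor patch
    IFS=$old_ifs
    fixed=$(fixed_patch_for "$1.${2:-0}")
    if [ -z "$fixed" ]; then
        echo CHECK_RELEASES               # branch not named in the advisory
    elif [ "${3:-0}" -ge "$fixed" ]; then
        echo PATCHED                      # assumes later patches keep the fix
    else
        echo NEEDS_UPDATE
    fi
}

# Read the Version: header from a plugin's main PHP file.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# audit_webroot DIR: one "STATUS<TAB>VERSION<TAB>PATH" line per install.
audit_webroot() {
    find "$1" -type f -path '*/wp-content/plugins/woocommerce/woocommerce.php' |
    while IFS= read -r f; do
        v=$(plugin_version "$f")
        printf '%s\t%s\t%s\n' "$(classify_version "$v")" "$v" "$f"
    done
}

# Usage: sh audit.sh /var/www   (path is an example)
if [ "$#" -gt 0 ]; then audit_webroot "$1"; fi
```

Any site reported as NEEDS_UPDATE or CHECK_RELEASES should be backed up and updated, then re-checked.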
What can be exploited?
Update: The exploit had been used to gain access to a list of administrator accounts along with hashed versions of their passwords. As a precaution, we recommend updating your administrator passwords.
