A critical vulnerability concerning WooCommerce and the WooCommerce Blocks feature plugin was identified and responsibly disclosed by a security researcher from the HackerOne security program. Based on currently available evidence, any exploitation is believed to have been limited. However, site owners should still take the steps below.

What Actions Should Be Taken For Websites with WooCommerce?

First and foremost, upgrade to the latest version of WooCommerce.

It is highly recommended that you update the passwords for all Admin users on your website, especially if the same login and password are used on other websites.

It is also a good idea to replace or update any API keys related to your payment gateway or WooCommerce.

To change your password: go to ‘Users’ > select the Admin account you want to change > look for the ‘New Password’ button to update it.

Is WooCommerce still safe to use?

Yes. Incidents like this are uncommon, but unfortunately they do sometimes happen. The platform remains one of the most widely used shopping cart systems available for WordPress.

Additional details about this vulnerability are available from WooCommerce.