WooCommerce Exploit Found – Update Required

Earlier this week, the GreenGeeks Abuse team was notified of an exploit affecting WooCommerce, the very popular WordPress plugin. The WooCommerce development team identified this exploit and immediately released an updated version of the plugin. The exploit was found to allow a potential attacker to retrieve WooCommerce data from the website.

In such situations, GreenGeeks typically forces an update to the affected plugin across our entire network to ensure our users are not vulnerable. However, we are unfortunately unable to force WooCommerce updates, because doing so could introduce issues for out-of-date sites. As GreenGeeks has not applied this update automatically, it is imperative that all GreenGeeks WooCommerce users update their own websites as soon as possible.

While GreenGeeks has implemented server-level measures to block this exploit from being used immediately, updating the plugin will resolve the root cause of the exploit and protect your site from having sensitive client data exposed. WordPress also lets you enable automatic updates for all themes and plugins from the WordPress.org repository. We strongly recommend that all customers enable automatic updates on their themes and plugins, as this ensures that future fixes for exploits are applied as soon as they are released, protecting your site automatically.

To update WooCommerce, you’ll need to log in to your WP-Admin or use the WP-CLI tool. GreenGeeks customers can easily access their WordPress via Softaculous or via the GreenGeeks dashboard.
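The WP-CLI route described above, as an added example (not a GreenGeeks or WooCommerce script): it updates WooCommerce in each WordPress directory passed to it, turns on plugin auto-updates, and reports the version before and after. The script name and site paths are placeholders, and it assumes WP-CLI is installed as `wp` and is run as the user that owns the site.

```shell
#!/bin/sh
# Added example. Usage: sh update-woo.sh /path/to/site [/path/to/other-site ...]
# Assumes WP-CLI is installed as `wp` and the script runs as the site's owner.

# Update WooCommerce in one WordPress install and print "<path>: <result>".
# Returns non-zero only when the update itself fails.
patch_site() {
    site="$1"
    if ! wp --path="$site" plugin is-installed woocommerce 2>/dev/null; then
        echo "$site: woocommerce not installed"
        return 0
    fi
    before=$(wp --path="$site" plugin get woocommerce --field=version)
    if ! wp --path="$site" plugin update woocommerce >/dev/null 2>&1; then
        echo "$site: update FAILED, still on $before"
        return 1
    fi
    after=$(wp --path="$site" plugin get woocommerce --field=version)
    # "enable" can exit non-zero when auto-updates are already on, so ignore
    # its exit code and read the resulting state back instead.
    wp --path="$site" plugin auto-updates enable woocommerce >/dev/null 2>&1 || true
    auto=$(wp --path="$site" plugin auto-updates status woocommerce \
        --field=status 2>/dev/null) || auto="unknown"
    if [ "$before" = "$after" ]; then
        echo "$site: already current ($after), auto-updates $auto"
    else
        echo "$site: $before -> $after, auto-updates $auto"
    fi
}

# Patch every site passed in; the return value is the number of failed updates.
patch_all() {
    failed=0
    for s in "$@"; do
        patch_site "$s" || failed=$((failed + 1))
    done
    return "$failed"
}

# Do nothing unless site paths were given on the command line.
if [ "$#" -gt 0 ]; then
    patch_all "$@"
fi
```

A site reported as `update FAILED` is still on the old version and needs a manual update through WP-Admin.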

If you are an existing GreenGeeks customer and require our assistance in updating your WooCommerce plugin, please open a Support Ticket via your GreenGeeks dashboard and our team will be happy to assist you.
