WooCommerce June 2024 Security Vulnerability

Overnight, WooCommerce advised that several versions of the WooCommerce plugin contain a security vulnerability.

The vulnerability is linked to the Order Attribution setting and allows attackers to inject malicious links into the website’s page code (a cross-site scripting issue).

Website owners are advised to update the plugin for the latest security update as soon as possible.

Alternatively, if the new version causes problems with your site, you can turn off Order Attribution in the interim.

Clients using the WP Toolkit Smart Update tool will have the update run automatically in the next daily cycle, which tests the site in real time before the change is pushed live.

Those on Malware Protect, powered by Sucuri, also benefit from its cross-site scripting (XSS) blocking features.

What versions are impacted?

This vulnerability impacts the following versions of WooCommerce:

  • 8.8.0
  • 8.8.1
  • 8.8.2
  • 8.8.3
  • 8.8.4
  • 8.9.0
  • 8.9.1
  • 8.9.2

These versions are affected only when the Order Attribution setting is on. Note that it is on by default.

How to update the WooCommerce plugin

If your version of WooCommerce has already been updated to version 8.9.3 (or auto-updates are being used), no further action is required.

If not, you’ll need to update it manually.

To update:

  1. Log in to your WordPress Admin dashboard and navigate to Dashboard > Updates (you can also access this for True Green® clients in the GROW dashboard via My Services > Login to cPanel > WP Toolkit or Softaculous).
  2. Locate WooCommerce for updates; you should see an alert for the new version. If not listed, the update may have already occurred. Check the Plugins page to verify your version of WooCommerce.
  3. Click the Update Now link in this alert to update to version 8.9.3.

[Image: the WooCommerce 8.9.3 security update as shown on the WordPress dashboard Updates page]

Make sure you have a site backup in case something goes wrong. True Green® clients can find backups in My Services > Login to cPanel > Acronis.

If you’re updating from a version earlier than 8.9.2, take care: the other changes bundled into the update may conflict with your website.

How to turn off the order attribution setting

You can enable (or disable) this feature by going to WooCommerce > Settings > Advanced > Features > Order Attribution.

Note that this is only a temporary measure, because anyone who can log in to your site could turn the setting back on. It is therefore highly advisable to move to the most recent version, 8.9.3, as soon as possible.
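To check a site against both steps above (the affected version range and the Order Attribution setting), here is a small POSIX shell audit added as an example; it is not from the advisory or from WooCommerce. It assumes WP-CLI is installed, and the option name `woocommerce_feature_order_attribution_enabled` is an assumption you should verify on your own site.

```shell
#!/bin/sh
# Added example: audit one WordPress install for the WooCommerce
# Order Attribution advisory (affected: 8.8.0-8.8.4 and 8.9.0-8.9.2,
# fixed in 8.9.3). Assumes WP-CLI ("wp") is on the PATH.

# Return 0 (true) when the WooCommerce version is in the affected range.
wc_version_affected() {
  case "$1" in
    8.8.[0-4]|8.9.[0-2]) return 0 ;;
    *) return 1 ;;
  esac
}

# Combine version and setting into a verdict:
#   vulnerable - affected version and Order Attribution on (the default)
#   mitigated  - affected version, but the setting is off (temporary only)
#   ok         - version outside the affected range (e.g. 8.9.3 or later)
wc_verdict() {
  version="$1"
  attribution="$2"   # "yes" or "no", as stored in the option
  if wc_version_affected "$version"; then
    if [ "$attribution" = "no" ]; then echo mitigated; else echo vulnerable; fi
  else
    echo ok
  fi
}

# Query a single install via WP-CLI and print a one-line report.
# ASSUMPTION: the feature flag lives in the option
# woocommerce_feature_order_attribution_enabled; a missing option is
# treated as "yes" because the advisory says the feature is on by default.
audit_site() {
  path="$1"
  if ! version=$(wp --path="$path" plugin get woocommerce --field=version 2>/dev/null); then
    echo "$path: WooCommerce not installed"
    return 0
  fi
  attribution=$(wp --path="$path" option get \
    woocommerce_feature_order_attribution_enabled 2>/dev/null || echo yes)
  echo "$path: WooCommerce $version, order attribution=$attribution -> $(wc_verdict "$version" "$attribution")"
}

# Usage (run once per site when auditing a hosting network):
#   audit_site /var/www/example/htdocs
```

Any site reported as `vulnerable` should be updated to 8.9.3 immediately; `mitigated` sites still need the update, since the setting can be switched back on by any administrator.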

Is WooCommerce secure?

WooCommerce is used by millions of websites around the world.

Plugins often have security vulnerabilities introduced as they update their features to improve their services. This particular issue was reported through a bug bounty program, whereby third-party users or ethical hackers report issues to WooCommerce and receive a monetary reward for doing so.

Software as a Service providers like Shopify also have these issues; however, they do not rely on user action, given they can provide real-time updates automatically.

WooCommerce is a trusted and reliable provider of WordPress online stores.

It’s always advisable to keep your site software up to date to protect your website from hackers and bad traffic.

Please note that hackers do not pick sites based on the website’s size. Targeting is often random and carried out with mass-scale bot technology.

How does True Green® Hosting keep me secure?

As with many other tools, incidents like this happen because WordPress is an open content management system, which allows developers to build a highly flexible and customisable platform for many businesses and organisations.

We provide clients with advanced firewalls and security to help protect their accounts, along with hourly backups via Acronis.

We also recommend the Smart Update tool in WP Toolkit (My Services > Login to cPanel > WP Toolkit), so that updates are applied automatically as providers release them.

We suggest adding Malware Protect, powered by Sucuri, for eCommerce and sites that collect personal information. This enterprise-grade protection also offers free malware clean-ups if your site gets compromised by a login, plugin, theme or software issue.

In addition, we take incidents like this seriously and, given WooCommerce’s high usage, have conducted a network-wide audit to identify those using a vulnerable version of the plugin on our True Green® Hosting network.