Today WooCommerce announced that it found a critical vulnerability in two of its plugins and has fixed the issue. The two plugins impacted were the main WooCommerce plugin and the WooCommerce Blocks plugin. According to the website Your Mission Control, the issue was found in a large range of versions between version 2.5 and 5.5. Any website running WooCommerce is urged to update to the latest version of 5.5.1 in order to fix this vulnerability and keep their website and users safe.
Unfortunately WooCommerce did not give any guidance on what the actual issue was or if any websites were known to be impacted by this. They did say that their investigation was on-going and we might get more information about it later.
Your Mission Control, a website and hosting management service, believes that the flaw discovered could allow a hacker to access user data, shopping records, payment information, or even grant access to a website running WooCommerce.
Here’s a brief part of the email from the Your Mission Control blog, the full text is on their blog post about this.